author | Silvio Rhatto <rhatto@riseup.net> | 2011-11-10 16:36:13 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2011-11-10 16:36:13 -0200 |
commit | 7d40f000abf43f9f18f3dcdef434a1acc6c75063 (patch) | |
tree | c2e81d24e3abab7de89385bb6843151f8e39f248 /manifests/physical.pp | |
parent | 77b0cca4290409039e6cd5e187838e7465faf3c5 (diff) | |
download | puppet-nodo-7d40f000abf43f9f18f3dcdef434a1acc6c75063.tar.gz puppet-nodo-7d40f000abf43f9f18f3dcdef434a1acc6c75063.tar.bz2 |
SSL computational DoS mitigation
Diffstat (limited to 'manifests/physical.pp')
-rw-r--r-- | manifests/physical.pp | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/manifests/physical.pp b/manifests/physical.pp
index 4805a53..055b010 100644
--- a/manifests/physical.pp
+++ b/manifests/physical.pp
@@ -1,6 +1,5 @@
 class nodo::physical inherits nodo {
 include syslog-ng
- include firewall
 include initramfs
 include modprobe
 include firewire
@@ -11,6 +10,19 @@ class nodo::physical inherits nodo {
 include resolver
 include monkeysphere_nodo
 
+ # SSL computational DoS mitigation
+ # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
+ $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
+ '' => $firewall_global_ssl_ratelimit ? {
+ '' => '-',
+ default => $firewall_global_ssl_ratelimit,
+ },
+ default => $firewall_ssl_ratelimit,
+ }
+
+ # Firewall configuration
+ include firewall
+
 # Vserver configuration
 $vserver_vdirbase = "/var/vservers"
 include vserver::host |
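Review bot: The fallback in the added selector leaves `$firewall_ssl_ratelimit` at `'-'` when neither it nor `$firewall_global_ssl_ratelimit` is set, so on a node that defines neither variable the mitigation named in the commit title is presumably not applied (the firewall module that consumes the value is not part of this diff, so the meaning of `'-'` there should be confirmed). I would state that in the new comment block, e.g. `# '-' (neither variable set) leaves SSL rate limiting off; set $firewall_global_ssl_ratelimit to enable it`. The move of `include firewall` below the assignment also looks load-bearing: the class appears to read the variable when it is evaluated, and if `firewall` is already included earlier (for instance by the inherited `nodo` class, which is not visible here) this include would be a no-op and the value ignored. A short `# must stay after $firewall_ssl_ratelimit is set` above `include firewall` would keep a later reorder from silently dropping the limit.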