aboutsummaryrefslogtreecommitdiff
path: root/manifests/subsystems/firewall
diff options
context:
space:
mode:
authorSilvio Rhatto <rhatto@riseup.net>2011-11-10 16:36:13 -0200
committerSilvio Rhatto <rhatto@riseup.net>2011-11-10 16:36:13 -0200
commit7d40f000abf43f9f18f3dcdef434a1acc6c75063 (patch)
treec2e81d24e3abab7de89385bb6843151f8e39f248 /manifests/subsystems/firewall
parent77b0cca4290409039e6cd5e187838e7465faf3c5 (diff)
downloadpuppet-nodo-7d40f000abf43f9f18f3dcdef434a1acc6c75063.tar.gz
puppet-nodo-7d40f000abf43f9f18f3dcdef434a1acc6c75063.tar.bz2
SSL computational DoS mitigation
Diffstat (limited to 'manifests/subsystems/firewall')
-rw-r--r--manifests/subsystems/firewall/vserver.pp16
1 files changed, 8 insertions, 8 deletions
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 784c38d..e914fc6 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -28,7 +28,7 @@ class firewall::vserver::https($destination, $zone = 'vm') {
destination => "$zone:$destination:443",
proto => 'tcp',
destinationport => '443',
- ratelimit => '-',
+ ratelimit => "$firewall_ssl_ratelimit",
order => '602',
}
@@ -39,7 +39,7 @@ class firewall::vserver::https($destination, $zone = 'vm') {
proto => 'tcp',
destinationport => '443',
originaldest => "$ipaddress",
- ratelimit => '-',
+ ratelimit => "$firewall_ssl_ratelimit",
order => '602',
}
}
@@ -51,7 +51,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
destination => "$zone:$destination:$puppetmaster_port",
proto => 'tcp',
destinationport => "$puppetmaster_port",
- ratelimit => '-',
+ ratelimit => "$firewall_ssl_ratelimit",
order => '700',
}
@@ -61,7 +61,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
destination => "$zone:$destination:$puppetmaster_port",
proto => 'udp',
destinationport => "$puppetmaster_port",
- ratelimit => '-',
+ ratelimit => "$firewall_ssl_ratelimit",
order => '701',
}
@@ -72,7 +72,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
proto => 'tcp',
destinationport => "$puppetmaster_port",
originaldest => "$ipaddress",
- ratelimit => '-',
+ ratelimit => "$firewall_ssl_ratelimit",
order => '702',
}
@@ -83,7 +83,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140',
proto => 'udp',
destinationport => "$puppetmaster_port",
originaldest => "$ipaddress",
- ratelimit => '-',
+ ratelimit => "$firewall_ssl_ratelimit",
order => '703',
}
@@ -204,7 +204,7 @@ class firewall::vserver::mail($destination, $zone = 'fw') {
destination => "$zone:$destination:993",
proto => 'tcp',
destinationport => '993',
- ratelimit => '-',
+ ratelimit => "$firewall_ssl_ratelimit",
order => '1002',
}
@@ -215,7 +215,7 @@ class firewall::vserver::mail($destination, $zone = 'fw') {
proto => 'tcp',
destinationport => '993',
originaldest => "$ipaddress",
- ratelimit => '-',
+ ratelimit => "$firewall_ssl_ratelimit",
order => '1003',
}
}