diff options
author | Silvio Rhatto <rhatto@riseup.net> | 2011-11-10 16:36:13 -0200 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2011-11-10 16:36:13 -0200 |
commit | 7d40f000abf43f9f18f3dcdef434a1acc6c75063 (patch) | |
tree | c2e81d24e3abab7de89385bb6843151f8e39f248 /manifests/subsystems/firewall | |
parent | 77b0cca4290409039e6cd5e187838e7465faf3c5 (diff) | |
download | puppet-nodo-7d40f000abf43f9f18f3dcdef434a1acc6c75063.tar.gz puppet-nodo-7d40f000abf43f9f18f3dcdef434a1acc6c75063.tar.bz2 |
SSL computational DoS mitigation
Diffstat (limited to 'manifests/subsystems/firewall')
-rw-r--r-- | manifests/subsystems/firewall/vserver.pp | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp index 784c38d..e914fc6 100644 --- a/manifests/subsystems/firewall/vserver.pp +++ b/manifests/subsystems/firewall/vserver.pp @@ -28,7 +28,7 @@ class firewall::vserver::https($destination, $zone = 'vm') { destination => "$zone:$destination:443", proto => 'tcp', destinationport => '443', - ratelimit => '-', + ratelimit => "$firewall_ssl_ratelimit", order => '602', } @@ -39,7 +39,7 @@ class firewall::vserver::https($destination, $zone = 'vm') { proto => 'tcp', destinationport => '443', originaldest => "$ipaddress", - ratelimit => '-', + ratelimit => "$firewall_ssl_ratelimit", order => '602', } } @@ -51,7 +51,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', destination => "$zone:$destination:$puppetmaster_port", proto => 'tcp', destinationport => "$puppetmaster_port", - ratelimit => '-', + ratelimit => "$firewall_ssl_ratelimit", order => '700', } @@ -61,7 +61,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', destination => "$zone:$destination:$puppetmaster_port", proto => 'udp', destinationport => "$puppetmaster_port", - ratelimit => '-', + ratelimit => "$firewall_ssl_ratelimit", order => '701', } @@ -72,7 +72,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', proto => 'tcp', destinationport => "$puppetmaster_port", originaldest => "$ipaddress", - ratelimit => '-', + ratelimit => "$firewall_ssl_ratelimit", order => '702', } @@ -83,7 +83,7 @@ class firewall::vserver::puppetmaster($destination, $puppetmaster_port = '8140', proto => 'udp', destinationport => "$puppetmaster_port", originaldest => "$ipaddress", - ratelimit => '-', + ratelimit => "$firewall_ssl_ratelimit", order => '703', } @@ -204,7 +204,7 @@ class firewall::vserver::mail($destination, $zone = 'fw') { destination => "$zone:$destination:993", proto => 'tcp', destinationport => '993', - ratelimit => '-', + ratelimit => "$firewall_ssl_ratelimit", order => '1002', } @@ -215,7 +215,7 @@ class firewall::vserver::mail($destination, $zone = 'fw') { proto => 'tcp', destinationport => '993', originaldest => "$ipaddress", - ratelimit => '-', + ratelimit => "$firewall_ssl_ratelimit", order => '1003', } } |