if interface[:role] && (role = node[:networking][:roles][interface[:role]])
if role[interface[:family]]
- node.set[:networking][:interfaces][name][:prefix] = role[interface[:family]][:prefix]
- node.set[:networking][:interfaces][name][:gateway] = role[interface[:family]][:gateway]
+ node.normal[:networking][:interfaces][name][:prefix] = role[interface[:family]][:prefix]
+ node.normal[:networking][:interfaces][name][:gateway] = role[interface[:family]][:gateway]
end
- node.set[:networking][:interfaces][name][:metric] = role[:metric]
- node.set[:networking][:interfaces][name][:zone] = role[:zone]
+ node.normal[:networking][:interfaces][name][:metric] = role[:metric]
+ node.normal[:networking][:interfaces][name][:zone] = role[:zone]
end
prefix = node[:networking][:interfaces][name][:prefix]
- node.set[:networking][:interfaces][name][:netmask] = (~IPAddr.new(interface[:address]).mask(0)).mask(prefix)
- node.set[:networking][:interfaces][name][:network] = IPAddr.new(interface[:address]).mask(prefix)
+ node.normal[:networking][:interfaces][name][:netmask] = (~IPAddr.new(interface[:address]).mask(0)).mask(prefix)
+ node.normal[:networking][:interfaces][name][:network] = IPAddr.new(interface[:address]).mask(prefix)
end
package network_packages
rate_limit "s:1/sec:5"
end
-%w(ucl ic bm aws).each do |zone|
+%w[ucl ic bm aws].each do |zone|
firewall_rule "accept-openvpn-#{zone}" do
action :accept
family :inet
dest "fw"
proto "tcp:syn"
dest_ports "http"
+ rate_limit node[:networking][:firewall][:http_rate_limit]
+ connection_limit node[:networking][:firewall][:http_connection_limit]
end
firewall_rule "accept-https" do
dest "fw"
proto "tcp:syn"
dest_ports "https"
+ rate_limit node[:networking][:firewall][:http_rate_limit]
+ connection_limit node[:networking][:firewall][:http_connection_limit]
end