rate_limit "s:1/sec:5"
end
-%w(ucl ic bm aws).each do |zone|
+%w[ucl ic bm aws].each do |zone|
firewall_rule "accept-openvpn-#{zone}" do
action :accept
family :inet
dest "fw"
proto "tcp:syn"
dest_ports "http"
+ rate_limit node[:networking][:firewall][:http_rate_limit]
+ connection_limit node[:networking][:firewall][:http_connection_limit]
end
firewall_rule "accept-https" do
dest "fw"
proto "tcp:syn"
dest_ports "https"
+ rate_limit node[:networking][:firewall][:http_rate_limit]
+ connection_limit node[:networking][:firewall][:http_connection_limit]
end