Defer evaluation of an edited file's contents

[chef.git] / roles / base.rb

diff --git a/roles/base.rb b/roles/base.rb
index 15c913d3d3d9354643ed176b9dc8a05cb9f1ddec..06bcaf9a245136602c23a76c2d295be85cc85f6e 100644 (file)
--- a/roles/base.rb
+++ b/roles/base.rb
@@ -49,9 +49,9 @@ default_attributes(
       }
     },
     :tcp_syncookies => {
-      :comment => "Turn off syncookies as they interact badly with the firewall",
+      :comment => "Turn on syncookies to protect against SYN floods",
       :parameters => {
-        "net.ipv4.tcp_syncookies" => "0"
+        "net.ipv4.tcp_syncookies" => "1"
       }
     }
   },
@@ -79,5 +79,6 @@ run_list(
   "recipe[openssh]",
   "recipe[sysctl]",
   "recipe[sysfs]",
-  "recipe[tools]"
+  "recipe[tools]",
+  "recipe[fail2ban]"
 )