X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/5fdb5f0bbc9e38b2a8b6f2136319b11dd5af435b..5f3a5421476c68027c50b821916585ab01f0efa1:/cookbooks/networking/resources/firewall_rule.rb
diff --git a/cookbooks/networking/resources/firewall_rule.rb b/cookbooks/networking/resources/firewall_rule.rb
index 36500c022..75d73dc11 100644
--- a/cookbooks/networking/resources/firewall_rule.rb
+++ b/cookbooks/networking/resources/firewall_rule.rb
@@ -133,19 +133,23 @@ action_class do
 rule << "ct state new"
 end
 
- # if new_resource.connection_limit != "-"
- # rule << "ct count #{new_resource.connection_limit}"
- # end
-
- # if new_resource.rate_limit =~ %r{^s:(\d+)/sec:(\d+)$}
- # set = "#{new_resource.rule}-#{ip}"
- # rate = Regexp.last_match(1)
- # burst = Regexp.last_match(2)
- #
- # node.default[:networking][:firewall][:sets] << set
- #
- # rule << "add @#{set} { #{ip} saddr limit rate #{rate}/second burst #{burst} packets }"
- # end
+ if new_resource.connection_limit != "-"
+ set = "connlimit-#{new_resource.rule}-#{ip}"
+
+ node.default[:networking][:firewall][:sets] << set
+
+ rule << "add @#{set} { #{ip} saddr ct count #{new_resource.connection_limit} }"
+ end
+
+ if new_resource.rate_limit =~ %r{^s:(\d+)/sec:(\d+)$}
+ set = "ratelimit-#{new_resource.rule}-#{ip}"
+ rate = Regexp.last_match(1)
+ burst = Regexp.last_match(2)
+
+ node.default[:networking][:firewall][:sets] << set
+
+ rule << "update @#{set} { #{ip} saddr limit rate #{rate}/second burst #{burst} packets }"
+ end
 
 rule << case action
 when :accept then "accept"
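Review bot: `new_resource.connection_limit` is interpolated into the nft rule without validation in the new connlimit branch, whereas the rate-limit branch below only emits a rule when the property matches `%r{^s:(\d+)/sec:(\d+)$}`; unless the property declaration (outside this hunk) already constrains it to an Integer, a non-numeric value would reach `nft` as a broken ruleset at converge time instead of failing at compile time, so prefer `rule << "add @#{set} { #{ip} saddr ct count #{Integer(new_resource.connection_limit)} }"`. The rate-limit regex anchors with `^`/`$`, which match per line in Ruby; `\A`/`\z` anchor the whole string, e.g. `%r{\As:(\d+)/sec:(\d+)\z}`. Each evaluation appends to `node.default[:networking][:firewall][:sets]`, so a rule declared more than once would register the same set name twice — presumably the consumer of that attribute deduplicates, but worth confirming. The enclosing method starts and ends outside the hunk.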