X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/cc045c868bf15083df4db4442c0d92814441951e..a45c1200e1b7b9ffdefe5fef3af9b1a93f5de31d:/cookbooks/networking/resources/firewall_rule.rb?ds=sidebyside
diff --git a/cookbooks/networking/resources/firewall_rule.rb b/cookbooks/networking/resources/firewall_rule.rb
index 48a5074d7..75d73dc11 100644
--- a/cookbooks/networking/resources/firewall_rule.rb
+++ b/cookbooks/networking/resources/firewall_rule.rb
@@ -134,17 +134,21 @@ action_class do
 end
 
 if new_resource.connection_limit != "-"
- rule << "ct count #{new_resource.connection_limit}"
+ set = "connlimit-#{new_resource.rule}-#{ip}"
+
+ node.default[:networking][:firewall][:sets] << set
+
+ rule << "add @#{set} { #{ip} saddr ct count #{new_resource.connection_limit} }"
 end
 
 if new_resource.rate_limit =~ %r{^s:(\d+)/sec:(\d+)$}
- set = "#{new_resource.rule}-#{ip}"
+ set = "ratelimit-#{new_resource.rule}-#{ip}"
 rate = Regexp.last_match(1)
 burst = Regexp.last_match(2)
 
 node.default[:networking][:firewall][:sets] << set
 
- rule << "add @#{set} { #{ip} saddr limit rate #{rate}/second burst #{burst} packets }"
+ rule << "update @#{set} { #{ip} saddr limit rate #{rate}/second burst #{burst} packets }"
 end
 
 rule << case action
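Review bot: The new connection-limit branch interpolates `new_resource.connection_limit` straight into the generated nftables statement after checking only that it is not `"-"`, whereas the rate-limit branch below it interpolates nothing but the `\d+` captures from its regex. Assuming the property is meant to be a bare integer, validating it the same way stops a typo or unexpected value from producing a malformed or unintended rule, for example `raise ArgumentError, "connection_limit must be an integer" unless new_resource.connection_limit.to_s.match?(/\A\d+\z/)` as the first line of the `if` body. Both branches now rely on per-source dynamic sets whose declarations (size, timeout, flags) are not in this hunk, so it is worth confirming there that the sets are bounded and that the behaviour of these rules once a set is full is the one intended. The enclosing method starts and ends outside the hunk.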