X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/faf8ae12e85eabb050b0f5eceb2cb67ad1de5261..8635e6f1a4ff863b9f447416f40088dbeedcc7a1:/cookbooks/networking/definitions/firewall_rule.rb diff --git a/cookbooks/networking/definitions/firewall_rule.rb b/cookbooks/networking/definitions/firewall_rule.rb index 44d141860..eb60a684c 100644 --- a/cookbooks/networking/definitions/firewall_rule.rb +++ b/cookbooks/networking/definitions/firewall_rule.rb @@ -18,15 +18,6 @@ # define :firewall_rule, :action => :accept do - inet = nil - inet6 = nil - - begin - inet = resources(:template => "/etc/shorewall/rules") - inet6 = resources(:template => "/etc/shorewall6/rules") - rescue - end - rule = Hash[ :action => params[:action].to_s.upcase, :source => params[:source], @@ -34,16 +25,17 @@ define :firewall_rule, :action => :accept do :proto => params[:proto], :dest_ports => params[:dest_ports] || "-", :source_ports => params[:source_ports] || "-", - :rate_limit => params[:rate_limit] || "-" + :rate_limit => params[:rate_limit] || "-", + :connection_limit => params[:connection_limit] || "-" ] if params[:family].nil? - inet.variables[:rules] << rule unless inet.nil? - inet6.variables[:rules] << rule unless inet6.nil? + node.default[:networking][:firewall][:inet] << rule + node.default[:networking][:firewall][:inet6] << rule elsif params[:family].to_s == "inet" - inet.variables[:rules] << rule unless inet.nil? + node.default[:networking][:firewall][:inet] << rule elsif params[:family].to_s == "inet6" - inet6.variables[:rules] << rule unless inet6.nil? + node.default[:networking][:firewall][:inet6] << rule else log "Unsupported network family" do level :error