X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/faf8ae12e85eabb050b0f5eceb2cb67ad1de5261..ac4c98fd9572dc03e5d883710f2ee5443dd3aee7:/cookbooks/networking/definitions/firewall_rule.rb
diff --git a/cookbooks/networking/definitions/firewall_rule.rb b/cookbooks/networking/definitions/firewall_rule.rb
index 44d141860..0196c4132 100644
--- a/cookbooks/networking/definitions/firewall_rule.rb
+++ b/cookbooks/networking/definitions/firewall_rule.rb
@@ -1,14 +1,14 @@
 #
-# Cookbook Name:: networking
+# Cookbook:: networking
 # Definition:: firewall_rule
 #
-# Copyright 2011, OpenStreetMap Foundation
+# Copyright:: 2011, OpenStreetMap Foundation
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
-# http://www.apache.org/licenses/LICENSE-2.0
+# https://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
@@ -18,15 +18,6 @@
 #
 define :firewall_rule, :action => :accept do
- inet = nil
- inet6 = nil
-
- begin
- inet = resources(:template => "/etc/shorewall/rules")
- inet6 = resources(:template => "/etc/shorewall6/rules")
- rescue
- end
-
 rule = Hash[
 :action => params[:action].to_s.upcase,
 :source => params[:source],
@@ -34,16 +25,18 @@ define :firewall_rule, :action => :accept do
 :proto => params[:proto],
 :dest_ports => params[:dest_ports] || "-",
 :source_ports => params[:source_ports] || "-",
- :rate_limit => params[:rate_limit] || "-"
+ :rate_limit => params[:rate_limit] || "-",
+ :connection_limit => params[:connection_limit] || "-",
+ :helper => params[:helper] || "-"
 ]
 if params[:family].nil?
- inet.variables[:rules] << rule unless inet.nil?
- inet6.variables[:rules] << rule unless inet6.nil?
+ node.default[:networking][:firewall][:inet] << rule
+ node.default[:networking][:firewall][:inet6] << rule
 elsif params[:family].to_s == "inet"
- inet.variables[:rules] << rule unless inet.nil?
+ node.default[:networking][:firewall][:inet] << rule
 elsif params[:family].to_s == "inet6"
- inet6.variables[:rules] << rule unless inet6.nil?
+ node.default[:networking][:firewall][:inet6] << rule
 else
 log "Unsupported network family" do
 level :error
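Review bot: The four `node.default[:networking][:firewall][:inet] << rule` / `[:inet6] << rule` appends assume both attributes were already initialised as arrays before any `firewall_rule` is expanded; nothing in this hunk sets them, and the `unless inet.nil?` guards that used to make a missing target harmless are gone. If the initialisation lives in the networking cookbook's attributes (not visible here), say so in a comment above the `if`, e.g. `# inet/inet6 rule lists are initialised to [] in the networking attributes; the shorewall templates must read them at converge time`. The second half matters because, presumably, a template that copies the list at compile time would silently miss rules declared by recipes that run later. Separately, the unchanged `else` branch only logs "Unsupported network family", so a mistyped `:family` leaves the rule uninstalled while the run still succeeds; raising there would be safer for a firewall definition. The `define` block starts and ends outside this hunk.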