Simplify rate limit and connection limit configuration

author Tom Hughes <tom@compton.nu>

Tue, 7 Mar 2023 19:16:42 +0000 (19:16 +0000)

committer Tom Hughes <tom@compton.nu>

Tue, 7 Mar 2023 19:16:42 +0000 (19:16 +0000)
author Tom Hughes <tom@compton.nu>
Tue, 7 Mar 2023 19:16:42 +0000 (19:16 +0000)
committer Tom Hughes <tom@compton.nu>
Tue, 7 Mar 2023 19:16:42 +0000 (19:16 +0000)
diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb

index 829a6465e7290dd0c8ab1fff6d2658570b050944..dcecbb5f6a996310cea04f573804c0be2852e1aa 100644 (file)
--- a/cookbooks/networking/attributes/default.rb
+++ b/cookbooks/networking/attributes/default.rb
@@ -2,8 +2,8 @@ default[:networking][:firewall][:enabled] = true
  default[:networking][:firewall][:sets] = []
  default[:networking][:firewall][:incoming] = []
  default[:networking][:firewall][:outgoing] = []
  default[:networking][:firewall][:sets] = []
  default[:networking][:firewall][:incoming] = []
  default[:networking][:firewall][:outgoing] = []
-default[:networking][:firewall][:http_rate_limit] = "-"
-default[:networking][:firewall][:http_connection_limit] = "-"
+default[:networking][:firewall][:http_rate_limit] = nil
+default[:networking][:firewall][:http_connection_limit] = nil
  default[:networking][:firewall][:allowlist] = []
  default[:networking][:roles] = {}
  default[:networking][:interfaces] = {}
  default[:networking][:firewall][:allowlist] = []
  default[:networking][:roles] = {}
  default[:networking][:interfaces] = {}
diff --git a/cookbooks/networking/resources/firewall_rule.rb b/cookbooks/networking/resources/firewall_rule.rb

index e5f07dca64fbd24866d50e3a1d87f33abc72360c..38572764768eed42d695009a086712802ae7f18b 100644 (file)
--- a/cookbooks/networking/resources/firewall_rule.rb
+++ b/cookbooks/networking/resources/firewall_rule.rb
@@ -31,8 +31,8 @@ property :dest, :kind_of => String, :required => true
  property :proto, :kind_of => String, :required => true
  property :dest_ports, :kind_of => [String, Integer, Array]
  property :source_ports, :kind_of => [String, Integer, Array]
  property :proto, :kind_of => String, :required => true
  property :dest_ports, :kind_of => [String, Integer, Array]
  property :source_ports, :kind_of => [String, Integer, Array]
-property :rate_limit, :kind_of => String, :default => "-"
-property :connection_limit, :kind_of => [String, Integer], :default => "-"
+property :rate_limit, :kind_of => String
+property :connection_limit, :kind_of => [String, Integer]
  
  property :compile_time, TrueClass, :default => true
  
  
  property :compile_time, TrueClass, :default => true
  
@@ -96,7 +96,7 @@ action_class do
  
      rule << "ct state new" if new_resource.proto == "tcp"
  
  
      rule << "ct state new" if new_resource.proto == "tcp"
  
-    if new_resource.connection_limit != "-"
+    if new_resource.connection_limit
        set = "connlimit-#{new_resource.rule}-#{ip}"
  
        node.default[:networking][:firewall][:sets] << set
        set = "connlimit-#{new_resource.rule}-#{ip}"
  
        node.default[:networking][:firewall][:sets] << set
author	Tom Hughes <tom@compton.nu>
	Tue, 7 Mar 2023 19:16:42 +0000 (19:16 +0000)
committer	Tom Hughes <tom@compton.nu>
	Tue, 7 Mar 2023 19:16:42 +0000 (19:16 +0000)
cookbooks/networking/attributes/default.rb		patch \| blob \| history
cookbooks/networking/resources/firewall_rule.rb		patch \| blob \| history