]> git.openstreetmap.org Git - chef.git/commitdiff
Disable rate and connection limits
authorTom Hughes <tom@compton.nu>
Sun, 5 Mar 2023 14:00:05 +0000 (14:00 +0000)
committerTom Hughes <tom@compton.nu>
Sun, 5 Mar 2023 14:00:05 +0000 (14:00 +0000)
cookbooks/networking/resources/firewall_rule.rb

index 48a5074d7fba0a102da70150cd9f21b0163955b4..36500c022f5339cec5ed0fad790208f2253d8c2d 100644 (file)
@@ -133,19 +133,19 @@ action_class do
       rule << "ct state new"
     end
 
-    if new_resource.connection_limit != "-"
-      rule << "ct count #{new_resource.connection_limit}"
-    end
-
-    if new_resource.rate_limit =~ %r{^s:(\d+)/sec:(\d+)$}
-      set = "#{new_resource.rule}-#{ip}"
-      rate = Regexp.last_match(1)
-      burst = Regexp.last_match(2)
-
-      node.default[:networking][:firewall][:sets] << set
-
-      rule << "add @#{set} { #{ip} saddr limit rate #{rate}/second burst #{burst} packets }"
-    end
+    if new_resource.connection_limit != "-"
+      rule << "ct count #{new_resource.connection_limit}"
+    end
+
+    if new_resource.rate_limit =~ %r{^s:(\d+)/sec:(\d+)$}
+      set = "#{new_resource.rule}-#{ip}"
+      rate = Regexp.last_match(1)
+      burst = Regexp.last_match(2)
+    #
+      node.default[:networking][:firewall][:sets] << set
+    #
+      rule << "add @#{set} { #{ip} saddr limit rate #{rate}/second burst #{burst} packets }"
+    end
 
     rule << case action
             when :accept then "accept"