From: Tom Hughes <tom@compton.nu>
Date: Sun, 5 Mar 2023 19:45:59 +0000 (+0000)
Subject: Remove size limits on firewall sets
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/5ac0eba538056a5568b3b9de31be692d5efeeec5

Remove size limits on firewall sets
---

diff --git a/cookbooks/networking/templates/default/nftables.conf.erb b/cookbooks/networking/templates/default/nftables.conf.erb
index 140510c36..94c383525 100644
--- a/cookbooks/networking/templates/default/nftables.conf.erb
+++ b/cookbooks/networking/templates/default/nftables.conf.erb
@@ -25,21 +25,25 @@ table inet filter {
   set ip-blacklist {
     type ipv4_addr
     flags dynamic
+    size 0
   }
 
   set ip6-blacklist {
     type ipv6_addr
     flags dynamic
+    size 0
   }
 
   set ratelimit-icmp-echo-ip {
     type ipv4_addr
     flags dynamic
+    size 0
   }
 
   set ratelimit-icmp-echo-ip6 {
     type ipv6_addr
     flags dynamic
+    size 0
   }
 
 <%- node[:networking][:firewall][:sets].each do |set| %>
@@ -50,6 +54,7 @@ table inet filter {
     type ipv6_addr
 <%- end %>
     flags dynamic
+    size 0
   }
 
 <%- end %>