nominatim: add restricted_ips.log to log rotation

[chef.git] / cookbooks / networking / definitions / firewall_rule.rb

diff --git a/cookbooks/networking/definitions/firewall_rule.rb b/cookbooks/networking/definitions/firewall_rule.rb
index 44d141860073b3592d0d2fd71c7a2dd9e6e0b587..eb60a684c9adb3b527ec835e7ab1b841e785115b 100644 (file)
--- a/cookbooks/networking/definitions/firewall_rule.rb
+++ b/cookbooks/networking/definitions/firewall_rule.rb
@@ -18,15 +18,6 @@
 #
 
 define :firewall_rule, :action => :accept do
-  inet = nil
-  inet6 = nil
-
-  begin
-    inet = resources(:template => "/etc/shorewall/rules")
-    inet6 = resources(:template => "/etc/shorewall6/rules")
-  rescue
-  end
-
   rule = Hash[
     :action => params[:action].to_s.upcase,
     :source => params[:source],
@@ -34,16 +25,17 @@ define :firewall_rule, :action => :accept do
     :proto => params[:proto],
     :dest_ports => params[:dest_ports] || "-",
     :source_ports => params[:source_ports] || "-",
-    :rate_limit => params[:rate_limit] || "-"
+    :rate_limit => params[:rate_limit] || "-",
+    :connection_limit => params[:connection_limit] || "-"
   ]
 
   if params[:family].nil?
-    inet.variables[:rules] << rule unless inet.nil?
-    inet6.variables[:rules] << rule unless inet6.nil?
+    node.default[:networking][:firewall][:inet] << rule
+    node.default[:networking][:firewall][:inet6] << rule
   elsif params[:family].to_s == "inet"
-    inet.variables[:rules] << rule unless inet.nil?
+    node.default[:networking][:firewall][:inet] << rule
   elsif params[:family].to_s == "inet6"
-    inet6.variables[:rules] << rule unless inet6.nil?
+    node.default[:networking][:firewall][:inet6] << rule
   else
     log "Unsupported network family" do
       level :error