Add support for rate limit http connections
authorTom Hughes <tom@compton.nu>
Tue, 19 Dec 2017 20:55:42 +0000 (20:55 +0000)
committerTom Hughes <tom@compton.nu>
Tue, 19 Dec 2017 20:55:42 +0000 (20:55 +0000)
cookbooks/networking/attributes/default.rb
cookbooks/networking/recipes/default.rb

index 88a4091..e7dcf26 100644 (file)
@@ -1,5 +1,6 @@
 default[:networking][:firewall][:inet] = []
 default[:networking][:firewall][:inet6] = []
+default[:networking][:firewall][:http_rate_limit] = "-"
 default[:networking][:firewall][:http_connection_limit] = "-"
 default[:networking][:interfaces] = {}
 default[:networking][:nameservers] = []
index 697f2c3..09b431f 100644 (file)
@@ -336,6 +336,7 @@ firewall_rule "accept-http" do
   dest "fw"
   proto "tcp:syn"
   dest_ports "http"
+  rate_limit node[:networking][:firewall][:http_rate_limit]
   connection_limit node[:networking][:firewall][:http_connection_limit]
 end
 
@@ -345,5 +346,6 @@ firewall_rule "accept-https" do
   dest "fw"
   proto "tcp:syn"
   dest_ports "https"
+  rate_limit node[:networking][:firewall][:http_rate_limit]
   connection_limit node[:networking][:firewall][:http_connection_limit]
 end