Add support for rate limit http connections

diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb
index 88a4091f526af4ea058b8b59ee76067cf0ed4fbb..e7dcf265cae7853b321c99240c724a0d2ec2d299 100644 (file)
--- a/cookbooks/networking/attributes/default.rb
+++ b/cookbooks/networking/attributes/default.rb
@@ -1,5 +1,6 @@
 default[:networking][:firewall][:inet] = []
 default[:networking][:firewall][:inet6] = []
+default[:networking][:firewall][:http_rate_limit] = "-"
 default[:networking][:firewall][:http_connection_limit] = "-"
 default[:networking][:interfaces] = {}
 default[:networking][:nameservers] = []

diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 697f2c34edf4ecea2aec60c3ffb68bf279d21c34..09b431fd371254c75edacd7685b443a8e65c3c4f 100644 (file)
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -336,6 +336,7 @@ firewall_rule "accept-http" do
   dest "fw"
   proto "tcp:syn"
   dest_ports "http"
+  rate_limit node[:networking][:firewall][:http_rate_limit]
   connection_limit node[:networking][:firewall][:http_connection_limit]
 end
 
@@ -345,5 +346,6 @@ firewall_rule "accept-https" do
   dest "fw"
   proto "tcp:syn"
   dest_ports "https"
+  rate_limit node[:networking][:firewall][:http_rate_limit]
   connection_limit node[:networking][:firewall][:http_connection_limit]
 end