From: Grant Slater <git@firefishy.com>
Date: Fri, 9 Aug 2013 10:47:42 +0000 (+0100)
Subject: Revert "Tilecache: Firewall allow ICP traffic between caches"
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/bfa2c5bee43891f5b3de8f7cc7fe5be7515afe8a?ds=sidebyside

Revert "Tilecache: Firewall allow ICP traffic between caches"

This reverts commit b0da4432c68bf24f58fcf0c367e3d091493eb6aa.
---

diff --git a/cookbooks/tilecache/recipes/default.rb b/cookbooks/tilecache/recipes/default.rb
index fbd8ef64d..5b44be21f 100644
--- a/cookbooks/tilecache/recipes/default.rb
+++ b/cookbooks/tilecache/recipes/default.rb
@@ -21,27 +21,6 @@ include_recipe "squid"
 
 tilecaches = search(:node, "roles:tilecache").sort_by { |n| n[:hostname] }
 
-@tilecaches.each do |cache|
-  cache.ipaddresses(:family => :inet, :role => :external).sort.each do |address|
-    firewall_rule "accept-squid" do
-      action :accept
-      source "net:#{address}"
-      dest "fw"
-      proto "tcp:syn"
-      dest_ports "3128"
-      source_ports "1024:"
-    end
-    firewall_rule "accept-squid-icp" do
-      action :accept
-      source "net:#{address}"
-      dest "fw"
-      proto "udp"
-      dest_ports "3130"
-      source_ports "1024:"
-    end
-  end
-end
-
 squid_fragment "tilecache" do
   template "squid.conf.erb"
   variables :caches => tilecaches