From 8cb0dff3028536a89e82db81e5b908e6c037c1c7 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Tue, 19 Dec 2017 20:55:42 +0000
Subject: [PATCH] Add support for rate limit http connections

---
 cookbooks/networking/attributes/default.rb | 1 +
 cookbooks/networking/recipes/default.rb    | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/cookbooks/networking/attributes/default.rb b/cookbooks/networking/attributes/default.rb
index 88a4091f5..e7dcf265c 100644
--- a/cookbooks/networking/attributes/default.rb
+++ b/cookbooks/networking/attributes/default.rb
@@ -1,5 +1,6 @@
 default[:networking][:firewall][:inet] = []
 default[:networking][:firewall][:inet6] = []
+default[:networking][:firewall][:http_rate_limit] = "-"
 default[:networking][:firewall][:http_connection_limit] = "-"
 default[:networking][:interfaces] = {}
 default[:networking][:nameservers] = []
diff --git a/cookbooks/networking/recipes/default.rb b/cookbooks/networking/recipes/default.rb
index 697f2c34e..09b431fd3 100644
--- a/cookbooks/networking/recipes/default.rb
+++ b/cookbooks/networking/recipes/default.rb
@@ -336,6 +336,7 @@ firewall_rule "accept-http" do
   dest "fw"
   proto "tcp:syn"
   dest_ports "http"
+  rate_limit node[:networking][:firewall][:http_rate_limit]
   connection_limit node[:networking][:firewall][:http_connection_limit]
 end
 
@@ -345,5 +346,6 @@ firewall_rule "accept-https" do
   dest "fw"
   proto "tcp:syn"
   dest_ports "https"
+  rate_limit node[:networking][:firewall][:http_rate_limit]
   connection_limit node[:networking][:firewall][:http_connection_limit]
 end
-- 
2.43.2