From: Stephen Gran <steve@lobefin.net>
Date: Wed, 18 Aug 2010 21:50:31 +0000 (+0100)
Subject: make http_limit opt-in rather than out
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=69f2e9fa33a96df43f1f5b83f6bca436b0666d31;p=dsa-puppet.git

make http_limit opt-in rather than out

Signed-off-by: Stephen Gran <steve@lobefin.net>
---

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index b61b89a5..d90532d8 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -138,14 +138,7 @@ class apache2 {
     }
 
     case $hostname {
-        sibelius,stabile: {
-            @ferm::rule { "dsa-http":
-                prio            => "23",
-                description     => "Allow web access",
-                rule            => "&SERVICE(tcp, (http https))"
-            }
-        }
-        default: {
+        busoni,byrd,duarte,holter,lindberg,master,merkel,powell,rore: {
             @ferm::rule { "dsa-http-limit":
                 prio            => "20",
                 description     => "limit HTTP DOS",
@@ -212,6 +205,13 @@ class apache2 {
                 rule            => "proto tcp dport (http https) jump http;"
             }
         }
+        default: {
+            @ferm::rule { "dsa-http":
+                prio            => "23",
+                description     => "Allow web access",
+                rule            => "&SERVICE(tcp, (http https))"
+            }
+        }
     }
     @ferm::rule { "dsa-http-v6":
         domain          => "(ip6)",