Puppet Class: profile::firewall::nftables_throttling
- Defined in:
- modules/profile/manifests/firewall/nftables_throttling.pp
Summary
manage backup timers
Overview
SPDX-License-Identifier: Apache-2.0
# File 'modules/profile/manifests/firewall/nftables_throttling.pp', line 8
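# Installs an nftables chain file that throttles clients opening too many
# parallel connections (T366882). The ruleset is rendered from
# profile/firewall/throttling.nft.erb, which is not part of this manifest.
#
# @param ensure present/absent state handed to the nftables::file resource
# @param max_connections parallel connections allowed before a client is banned
# @param throttle_duration how long, in seconds, a client above the limit stays banned
# @param nft_policy 'accept' or 'drop'; not used in this manifest, presumably read by the template
# @param nft_logging when true, $nft_do_log is set to 'log ', otherwise to ''
# @param port port number, default 443; not used in this manifest, presumably read by the template
class profile::firewall::nftables_throttling (
    Wmflib::Ensure         $ensure            = lookup('profile::firewall::nftables_throttling::ensure',
                                                    {default_value => present}),
    # Bounded types: these values are not referenced again in this manifest, so
    # they presumably end up in the rendered ruleset. A negative count or
    # duration, or a port outside 1-65535, now fails at catalog compilation
    # instead of producing a throttling chain that cannot work as intended.
    Integer[0]             $max_connections   = lookup('profile::firewall::nftables_throttling::max_connections',
                                                    {default_value => 32}), # allow 32 parallel connections
    Integer[0]             $throttle_duration = lookup('profile::firewall::nftables_throttling::throttle_duration',
                                                    {default_value => 300}), # ban clients above for 300 seconds
    # NOTE(review): if nft_policy is the verdict applied to throttled clients,
    # the default 'accept' would leave the chain non-blocking, and with
    # nft_logging defaulting to false it would be silent too. Confirm against
    # throttling.nft.erb.
    Enum['accept', 'drop'] $nft_policy        = lookup('profile::firewall::nftables_throttling::nft_policy',
                                                    {default_value => 'accept'}),
    Boolean                $nft_logging       = lookup('profile::firewall::nftables_throttling::nft_logging',
                                                    {default_value => false}),
    Integer[1, 65535]      $port              = lookup('profile::firewall::nftables_throttling::port',
                                                    {default_value => 443}),
) {
    # Rule fragment for logging: 'log ' (with trailing space) when logging is
    # enabled, empty otherwise. Not used again in this manifest, so presumably
    # interpolated by the template; keep the variable name stable.
    $nft_do_log = $nft_logging ? {
        true    => 'log ',
        default => '',
    }

    # add throttling nftables chain T366882
    nftables::file { 'throttling-chain':
        ensure  => $ensure,
        order   => 99,
        content => template('profile/firewall/throttling.nft.erb'),
    }
}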