class firewall {
class { 'shorewall': }
- # SSL computational DoS mitigation
- # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
- $firewall_ssl_ratelimit = $firewall_ssl_ratelimit ? {
- '' => $firewall_global_ssl_ratelimit ? {
- '' => '-',
- default => $firewall_global_ssl_ratelimit,
- },
- default => $firewall_ssl_ratelimit,
- }
-
$rfc1918 = $shorewall_local_net ? {
true => true,
false => false,
order => 102,
}
+ # SSL computational DoS mitigation
+ # See http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
shorewall::rule { 'https':
action => 'HTTPS/ACCEPT',
source => 'net',
destination => '$FW',
proto => '-',
destinationport => '-',
- ratelimit => "$firewall_ssl_ratelimit",
+ ratelimit => extlookup("firewall_ssl_ratelimit", '-'),
order => 103,
}
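Review bot: The new `ratelimit` line on the `https` rule drops the `$firewall_global_ssl_ratelimit` fallback that the removed selector provided, so a node that configured only the global value now gets `'-'` and, assuming `'-'` means "no limit" as in the old default, silently loses the SSL DoS rate limit. If that fallback is still wanted, chain the lookups: `ratelimit => extlookup("firewall_ssl_ratelimit", extlookup("firewall_global_ssl_ratelimit", '-')),`. Node- or class-scoped `$firewall_ssl_ratelimit` variables are no longer read either, so existing settings need to be present in the extlookup data before this is deployed. It would also help to state next to the moved comment that the mitigation is off by default, e.g. `# disabled ('-') unless firewall_ssl_ratelimit is set in extlookup data`.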
if $type == 'vserver' {
include nagios::target::fqdn
- nagios::service::ping { "$fqdn": }
+ nagios::service::ping { "$fqdn": }
}
if $type == 'host' or $type == 'personal' {