
Remove per user DROP, use global DROP instead

Packets that do not find a matching rule will reach the end of the ruleset,
and get dropped by the global DROP rule.
1 parent c2bf643 commit 392623dfe33aed7918cc589d2cc38c02050168ce Julien Vehent committed Feb 12, 2013
Showing with 0 additions and 8 deletions.
  1. +0 −8 templates/default/rules.iptables.erb
@@ -61,14 +61,6 @@ node['afw']['chains'].sort_by{|k,v| k}.each do |user,params| -%>
-%>
<%=rule%>
<%end
- if node['afw']['enable_output_drop_log']
- # log-prefix must be < 30 characters total -%>
--A <%=user%> -j LOG --log-prefix "DROP_AFW_OUTPUT_<%=user[0,11]%> " --log-uid --log-tcp-sequence
-<% end
- if node['afw']['enable_output_drop'] -%>
--A <%=user%> -j DROP
-<% end -%>
-<%
end
-%>
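
Review bot: Removing `-A <%=user%> -j LOG --log-prefix "DROP_AFW_OUTPUT_<%=user[0,11]%> " --log-uid --log-tcp-sequence` means dropped output is no longer tagged with the per-user prefix, and the global rule that replaces it is not visible in this hunk. Please confirm that the global LOG rule keeps `--log-uid`, so a dropped packet can still be attributed to the owning user, and that the global LOG and DROP rules are gated on the same `node['afw']['enable_output_drop_log']` and `node['afw']['enable_output_drop']` attributes, so existing node configurations keep their behaviour. Each per-user chain now ends without a terminal target, so unmatched packets return to the calling chain; it is worth a comment in the template saying that the drop depends on the global rule sitting after every jump into these chains, with no ACCEPT in between.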
