projects / mirror / dsa-puppet.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
retire manual firewalling on bmdb1 for dak replica access
[mirror/dsa-puppet.git] / modules / ferm / manifests / ftp_conntrack.pp
1 class ferm::ftp_conntrack {
2   # Allow non-passive connections to an FTP server
3   ferm::rule { 'dsa-ftp-conntrack-client':
4     domain      => '(ip ip6)',
5     description => 'ftp client connection tracking',
6     table       => 'raw',
7     chain       => 'OUTPUT',
8     rule        => 'proto tcp dport 21 CT helper ftp'
9   }
10
11   # Allow passive connections from an FTP client
12   ferm::rule { 'dsa-ftp-conntrack-server':
13     domain      => '(ip ip6)',
14     description => 'ftp server connection tracking',
15     table       => 'raw',
16     chain       => 'PREROUTING',
17     rule        => 'proto tcp dport 21 CT helper ftp'
18   }
19 }
Unnamed repository; edit this file 'description' to name the repository.