+ handel: {
+ @ferm::rule { "dsa-puppet":
+ description => "Allow puppet access",
+ rule => "&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V4)"
+ }
+ @ferm::rule { "dsa-puppet-v6":
+ domain => 'ip6',
+ description => "Allow puppet access",
+ rule => "&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V6)"
+ }
+ }
+ beethoven: {
+ @ferm::rule { "dsa-merikanto-beethoven":
+ description => "Allow merikanto", # for nfs, and that uses all kind of ports by default.
+ rule => "source 172.22.127.147 interface bond0 jump ACCEPT",
+ }
+ }