+ senfl: {
+ @ferm::rule { "dsa-rsync":
+ domain => "(ip ip6)",
+ description => "Allow rsync access",
+ rule => "&SERVICE(tcp, 873)"
+ }
+ }
+ saens,villa,lobos,raff,gluck,schein,wieck,steffani: {
+ @ferm::rule { "dsa-ftp":
+ domain => "(ip ip6)",
+ description => "Allow ftp access",
+ rule => "&SERVICE(tcp, 21)"
+ }
+ @ferm::rule { "dsa-rsync":
+ domain => "(ip ip6)",
+ description => "Allow rsync access",
+ rule => "&SERVICE(tcp, 873)"
+ }
+ }
+ ancina,zelenka: {
+ @ferm::rule { "dsa-time":
+ description => "Allow time access",
+ rule => "&SERVICE_RANGE(tcp, time, \$HOST_NAGIOS_V4)"
+ }
+ }
+ handel: {
+ @ferm::rule { "dsa-puppet":
+ description => "Allow puppet access",
+ rule => "&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V4)"
+ }
+ @ferm::rule { "dsa-puppet-v6":
+ domain => 'ip6',
+ description => "Allow puppet access",
+ rule => "&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V6)"
+ }
+ }
+ beethoven: {
+ @ferm::rule { "dsa-merikanto-beethoven":
+ description => "Allow merikanto", # for nfs, and that uses all kind of ports by default.
+ rule => "source 172.22.127.147 interface bond0 jump ACCEPT",
+ }
+ }
+