- saens,villa,lobos,raff,gluck,schein,wieck,steffani: {
- @ferm::rule { "dsa-ftp":
- domain => "(ip ip6)",
- description => "Allow ftp access",
- rule => "&SERVICE(tcp, 21)"
- }
- @ferm::rule { "dsa-rsync":
- domain => "(ip ip6)",
- description => "Allow rsync access",
- rule => "&SERVICE(tcp, 873)"
- }
- }
- ancina,zelenka: {
- @ferm::rule { "dsa-time":
- description => "Allow time access",
- rule => "&SERVICE_RANGE(tcp, time, \$HOST_NAGIOS_V4)"
- }
- }
- handel: {
- @ferm::rule { "dsa-puppet":
- description => "Allow puppet access",
- rule => "&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V4)"
- }
- @ferm::rule { "dsa-puppet-v6":
- domain => 'ip6',
- description => "Allow puppet access",
- rule => "&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V6)"
- }
- }
- beethoven: {
- @ferm::rule { "dsa-merikanto-beethoven":
- description => "Allow merikanto", # for nfs, and that uses all kind of ports by default.
- rule => "source 172.22.127.147 interface bond0 jump ACCEPT",
- }
- }
-