- ferm::rule { 'dsa-bacula-sd-v4':
- domain => '(ip)',
- description => 'Allow bacula-sd access from director and clients',
- rule => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN_V4 5.153.231.125 5.153.231.126) ACCEPT; }',
- notarule => true,
- }
-
- ferm::rule { 'dsa-bacula-sd-v6':
- domain => '(ip6)',
- description => 'Allow bacula-sd access from director and clients',
- rule => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN_V6) ACCEPT; }',
- notarule => true,
+ # allow access from director and fds
+ ferm::rule::simple { 'dsa-bacula-sd':
+ description => 'Access to the bacula-storage',
+ port => $bacula::bacula_storage_port,
+ target => 'bacula-sd',