projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Whitespace, cargo-cult a ferm rule bit
[mirror/dsa-puppet.git]
/
modules
/
bacula
/
manifests
/
storage.pp
diff --git
a/modules/bacula/manifests/storage.pp
b/modules/bacula/manifests/storage.pp
index
d4f67d0
..
f0a09df
100644
(file)
--- a/
modules/bacula/manifests/storage.pp
+++ b/
modules/bacula/manifests/storage.pp
@@
-29,13
+29,14
@@
class bacula::storage inherits bacula {
@ferm::rule { 'dsa-bacula-sd-v4':
domain => '(ip)',
description => 'Allow bacula-sd access from director and clients',
@ferm::rule { 'dsa-bacula-sd-v4':
domain => '(ip)',
description => 'Allow bacula-sd access from director and clients',
-
-
rule => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN_V4) ACCEPT; }'
,
+ rule => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN_V4) ACCEPT; }',
+
notarule => true
,
}
}
+
@ferm::rule { 'dsa-bacula-sd-v6':
domain => '(ip6)',
description => 'Allow bacula-sd access from director and clients',
@ferm::rule { 'dsa-bacula-sd-v6':
domain => '(ip6)',
description => 'Allow bacula-sd access from director and clients',
-
-
rule => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN_V6) ACCEPT; }'
,
-
+ rule => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN_V6) ACCEPT; }',
+
notarule => true
,
+ }
}
}