projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
get backports from fastly as well
[mirror/dsa-puppet.git]
/
modules
/
ferm
/
manifests
/
per-host.pp
diff --git
a/modules/ferm/manifests/per-host.pp
b/modules/ferm/manifests/per-host.pp
index
d12ad67
..
005dd2d
100644
(file)
--- a/
modules/ferm/manifests/per-host.pp
+++ b/
modules/ferm/manifests/per-host.pp
@@
-3,7
+3,7
@@
class ferm::per-host {
include ferm::zivit
}
include ferm::zivit
}
- if $::hostname in [glinka] {
+ if $::hostname in [glinka
,gretchaninov
] {
ferm::rule { 'dsa-rsync':
domain => '(ip ip6)',
description => 'Allow rsync access',
ferm::rule { 'dsa-rsync':
domain => '(ip ip6)',
description => 'Allow rsync access',
@@
-190,7
+190,7
@@
class ferm::per-host {
sonntag: {
@ferm::rule { 'dsa-bugs-search':
description => 'port 1978 for bugs-search from bug web frontends',
sonntag: {
@ferm::rule { 'dsa-bugs-search':
description => 'port 1978 for bugs-search from bug web frontends',
- rule => '&SERVICE_RANGE(tcp, 1978, ( 140.211.166.26 20
6.12.19.140
))'
+ rule => '&SERVICE_RANGE(tcp, 1978, ( 140.211.166.26 20
9.87.16.39
))'
}
}
default: {}
}
}
default: {}
@@
-317,12
+317,12
@@
class ferm::per-host {
bmdb1: {
@ferm::rule { 'dsa-postgres-main':
description => 'Allow postgress access',
bmdb1: {
@ferm::rule { 'dsa-postgres-main':
description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5435, ( 5.153.231.23/32 5.153.231.25/32 20
6.12.19.141
/32 5.153.231.26/32 5.153.231.18/32 5.153.231.28/32 5.153.231.249/32 5.153.231.29/32 5.153.231.43/32 5.153.231.33/32 ))'
+ rule => '&SERVICE_RANGE(tcp, 5435, ( 5.153.231.23/32 5.153.231.25/32 20
9.87.16.38
/32 5.153.231.26/32 5.153.231.18/32 5.153.231.28/32 5.153.231.249/32 5.153.231.29/32 5.153.231.43/32 5.153.231.33/32 ))'
}
@ferm::rule { 'dsa-postgres-main6':
domain => 'ip6',
description => 'Allow postgress access',
}
@ferm::rule { 'dsa-postgres-main6':
domain => 'ip6',
description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5435, ( 2001:41c8:1000:21::21:23/128 2001:41c8:1000:21::21:25/128 2607:f8f0:61
0:4000:6564:a62:ce0c:138d
/128 2001:41c8:1000:21::21:26/128 2001:41c8:1000:21::21:18/128 2001:41c8:1000:21::21:28/128 2001:41c8:1000:20::20:249/128 2001:41c8:1000:21::21:29/128 2001:41c8:1000:21::21:43/128 2001:41c8:1000:21::21:33/128 ))'
+ rule => '&SERVICE_RANGE(tcp, 5435, ( 2001:41c8:1000:21::21:23/128 2001:41c8:1000:21::21:25/128 2607:f8f0:61
4:1::1274:38
/128 2001:41c8:1000:21::21:26/128 2001:41c8:1000:21::21:18/128 2001:41c8:1000:21::21:28/128 2001:41c8:1000:20::20:249/128 2001:41c8:1000:21::21:29/128 2001:41c8:1000:21::21:43/128 2001:41c8:1000:21::21:33/128 ))'
}
@ferm::rule { 'dsa-postgres-dak':
description => 'Allow postgress access',
}
@ferm::rule { 'dsa-postgres-dak':
description => 'Allow postgress access',
@@
-336,12
+336,12
@@
class ferm::per-host {
@ferm::rule { 'dsa-postgres-wannabuild':
# wuiet, ullmann, franck
description => 'Allow postgress access',
@ferm::rule { 'dsa-postgres-wannabuild':
# wuiet, ullmann, franck
description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5436, ( 5.153.231.18/32 20
6.12.19.141
/32 138.16.160.12/32 ))'
+ rule => '&SERVICE_RANGE(tcp, 5436, ( 5.153.231.18/32 20
9.87.16.38
/32 138.16.160.12/32 ))'
}
@ferm::rule { 'dsa-postgres-wannabuild6':
domain => 'ip6',
description => 'Allow postgress access',
}
@ferm::rule { 'dsa-postgres-wannabuild6':
domain => 'ip6',
description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5436, ( 2001:41c8:1000:21::21:18/128 2607:f8f0:61
0:4000:6564:a62:ce0c:138d
/128 ))'
+ rule => '&SERVICE_RANGE(tcp, 5436, ( 2001:41c8:1000:21::21:18/128 2607:f8f0:61
4:1::1274:38
/128 ))'
}
@ferm::rule { 'dsa-postgres-bacula':
# dinis
}
@ferm::rule { 'dsa-postgres-bacula':
# dinis
@@
-400,15
+400,15
@@
class ferm::per-host {
@ferm::rule { 'dsa-postgres2-danzi':
description => 'Allow postgress access2',
@ferm::rule { 'dsa-postgres2-danzi':
description => 'Allow postgress access2',
- rule => '&SERVICE_RANGE(tcp, 5437, ( 206.12.19.0/24 ))'
+ rule => '&SERVICE_RANGE(tcp, 5437, ( 206.12.19.0/24
209.87.16.0/24
))'
}
@ferm::rule { 'dsa-postgres3-danzi':
description => 'Allow postgress access3',
}
@ferm::rule { 'dsa-postgres3-danzi':
description => 'Allow postgress access3',
- rule => '&SERVICE_RANGE(tcp, 5436, ( 206.12.19.0/24 ))'
+ rule => '&SERVICE_RANGE(tcp, 5436, ( 206.12.19.0/24
209.87.16.0/24
))'
}
@ferm::rule { 'dsa-postgres4-danzi':
description => 'Allow postgress access4',
}
@ferm::rule { 'dsa-postgres4-danzi':
description => 'Allow postgress access4',
- rule => '&SERVICE_RANGE(tcp, 5438, ( 206.12.19.0/24 ))'
+ rule => '&SERVICE_RANGE(tcp, 5438, ( 206.12.19.0/24
209.87.16.0/24
))'
}
@ferm::rule { 'dsa-postgres-backup':
}
@ferm::rule { 'dsa-postgres-backup':
@@
-519,12
+519,6
@@
REJECT reject-with icmp-admin-prohibited
rule => '&SERVICE_RANGE(udp, 69, ( 172.28.17.0/24 ))'
}
}
rule => '&SERVICE_RANGE(udp, 69, ( 172.28.17.0/24 ))'
}
}
- jenko: {
- @ferm::rule { 'dsa-tftp':
- description => 'Allow tftp access',
- rule => '&SERVICE_RANGE(udp, 69, ( 192.168.2.0/24 206.12.19.0/24 ))'
- }
- }
master: {
@ferm::rule { 'dsa-tftp':
description => 'Allow tftp access',
master: {
@ferm::rule { 'dsa-tftp':
description => 'Allow tftp access',