ensure correct path permissions, so nagios can read from it
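--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -6,19 +6,25 @@ class ferm::per-host {
 }
 }
 case $hostname {
- franck,gluck,kaufmann,klecker,lobos,morricone,raff,ries,rietz,saens,schein,senfl,steffani,valente,villa,wieck: {
+ franck,gluck,kaufmann,kassia,klecker,lobos,morricone,raff,ries,rietz,saens,schein,senfl,steffani,valente,villa,wieck: {
 include ferm::rsync
 }
 }
 case $hostname {
- saens,villa,lobos,raff,gluck,schein,wieck,steffani,ries,rietz,franck,morricone,valente,klecker: {
+ chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,raff,ries,rietz,saens,schein,steffani,valente,villa,wieck: {
 include ferm::ftp
 }
 }
 case $hostname {
- piatti: {
+ ravel: {
+ include ferm::nfs-server
+ }
+ }
+
+ case $hostname {
+ piatti,samosa: {
 @ferm::rule { "dsa-udd-stunnel":
 description => "port 8080 for udd stunnel",
 rule => "&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 217.196.43.134 ))"
@@ -93,6 +99,16 @@ class ferm::per-host {
 description => "Allow finger access",
 rule => "&SERVICE(tcp, 79)"
 }
+ @ferm::rule { "dsa-ldap":
+ domain => "(ip ip6)",
+ description => "Allow ldap access",
+ rule => "&SERVICE(tcp, 389)"
+ }
+ @ferm::rule { "dsa-ldaps":
+ domain => "(ip ip6)",
+ description => "Allow ldaps access",
+ rule => "&SERVICE(tcp, 636)"
+ }
 }
 }
 }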
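Review bot: The new `dsa-ldap` rule in the second hunk opens tcp 389 to any source over both ip and ip6 with `&SERVICE(tcp, 389)`, whereas the `dsa-udd-stunnel` rule in the first hunk limits its port to a fixed address list with `&SERVICE_RANGE`. Unless the directory server on this host refuses simple binds without StartTLS (not visible here), this leaves cleartext LDAP binds reachable from anywhere; consider keeping only `dsa-ldaps`, or scoping the plain port as `rule => "&SERVICE_RANGE(tcp, 389, ( <CLIENT_ADDRESSES> ))"` (placeholder for the real client list). The host branch these two rules land in starts outside the hunk, so a short comment naming who needs the ports would help, e.g. `# ldap/ldaps: needed by <CONSUMERS>`. The commit subject talks about path permissions for nagios and nothing in this file section relates to that, so the description may belong to a different change.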