Ship a schroot-list-sessions
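--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -3,7 +3,7 @@ class ferm::per-host {
  include ferm::zivit
  }
- if $::hostname in [glinka,klecker,merikanto,powell,ravel,rietz,senfl,sibelius,stabile] {
+ if $::hostname in [glinka,klecker,merikanto,ravel,rietz,senfl,sibelius,stabile] {
  ferm::rule { 'dsa-rsync':
  domain => '(ip ip6)',
  description => 'Allow rsync access',
@@ -88,17 +88,6 @@ class ferm::per-host {
  rule => '&SERVICE(udp, 69)'
  }
  }
- powell: {
- @ferm::rule { 'dsa-powell-v6-tunnel':
- description => 'Allow powell to use V6 tunnel broker',
- rule => 'proto ipv6 saddr 212.227.117.6 jump ACCEPT'
- }
- @ferm::rule { 'dsa-powell-btseed':
- domain => '(ip ip6)',
- description => 'Allow powell to seed BT',
- rule => 'proto tcp dport 8000:8100 jump ACCEPT'
- }
- }
  lotti,lully: {
  @ferm::rule { 'dsa-syslog':
  description => 'Allow syslog access',
@@ -200,6 +189,12 @@ REJECT reject-with icmp-admin-prohibited
  rule => 'source 82.195.75.108 proto (tcp udp) sport 53 jump NOTRACK'
  }
  }
+ sonntag: {
+ @ferm::rule { 'dsa-bugs-search':
+ description => 'port 1978 for bugs-search from bug web frontends',
+ rule => '&SERVICE_RANGE(tcp, 1978, ( 140.211.166.26 206.12.19.140 ))'
+ }
+ }
  default: {}
  }
@@ -307,4 +302,12 @@ REJECT reject-with icmp-admin-prohibited
  }
  default: {}
  }
+ case $::hostname {
+ bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14: {
+ @ferm::rule { 'dsa-hwnet-vlan20':
+ rule => 'interface vlan20 jump ACCEPT',
+ }
+ }
+ default: {}
+ }
  }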
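Review bot: The `dsa-hwnet-vlan20` rule added in the last hunk accepts every packet arriving on `vlan20`, with no protocol, port or source restriction, so any host that can reach that VLAN can reach every listening service on the fourteen `bm-bl*` machines. Unlike the other rules in this file it has no `description`; if the blanket accept is intended, say so in the rule, e.g. `description => 'Allow all traffic on vlan20 (reason to be filled in)',` and otherwise narrow it to the services that are actually needed. It also sets no `domain`, so whether it covers IPv6 depends on the `ferm::rule` default, which is not visible here. The same applies to `dsa-bugs-search` in the third hunk, whose two source addresses are IPv4 only.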