projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Use service names instead of port numbers
[mirror/dsa-puppet.git]
/
modules
/
ferm
/
manifests
/
per-host.pp
diff --git
a/modules/ferm/manifests/per-host.pp
b/modules/ferm/manifests/per-host.pp
index
575b201
..
f4abeb1
100644
(file)
--- a/
modules/ferm/manifests/per-host.pp
+++ b/
modules/ferm/manifests/per-host.pp
@@
-132,7
+132,7
@@
class ferm::per-host {
@ferm::rule { "dsa-krb-kdc":
domain => "(ip ip6)",
description => "kerberos KDC",
@ferm::rule { "dsa-krb-kdc":
domain => "(ip ip6)",
description => "kerberos KDC",
- rule => "&SERVICE(tcp,
88
)"
+ rule => "&SERVICE(tcp,
kerberos
)"
}
}
}
}
}
}
@@
-141,17
+141,17
@@
class ferm::per-host {
@ferm::rule { "dsa-krb-ipropd":
domain => "ip",
description => "kerberos ipropd",
@ferm::rule { "dsa-krb-ipropd":
domain => "ip",
description => "kerberos ipropd",
- rule => "&SERVICE_RANGE(tcp,
2121
, 206.12.19.119)",
+ rule => "&SERVICE_RANGE(tcp,
iprop
, 206.12.19.119)",
}
@ferm::rule { "dsa-krb-ipropd-v6":
domain => 'ip6',
description => "kerberos ipropd (IPv6)",
}
@ferm::rule { "dsa-krb-ipropd-v6":
domain => 'ip6',
description => "kerberos ipropd (IPv6)",
- rule => "&SERVICE_RANGE(tcp,
2121
, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
+ rule => "&SERVICE_RANGE(tcp,
iprop
, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
}
@ferm::rule { "dsa-krb-kpasswdd":
domain => "(ip ip6)",
description => "kerberos KDC",
}
@ferm::rule { "dsa-krb-kpasswdd":
domain => "(ip ip6)",
description => "kerberos KDC",
- rule => "&SERVICE(udp,
464
)",
+ rule => "&SERVICE(udp,
kpasswd
)",
}
}
}
}
}
}