- # Send connections to the port to the pg-backup chain
- # there, the register_backup_clienthost class will have
- # realized the exported allows from the backup servers.
- #
- # Any non-matching traffic will fall through and it can
- # be allowed elsewhere
- #
- # this rule is only needed for clusters that we do not manage
- # with postgres::cluster. Hopefully these will go away with time
- ferm::rule::simple { "dsa-postgres-backup-${pg_port}":
- description => 'Check for postgres access from backup host',
- port => $pg_port,
- target => 'pg-backup',
- }
-