projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
more amazon networks to blacklist
[mirror/dsa-puppet.git]
/
modules
/
roles
/
manifests
/
bgp.pp
diff --git
a/modules/roles/manifests/bgp.pp
b/modules/roles/manifests/bgp.pp
index
d3fbb39
..
da7fcb5
100644
(file)
--- a/
modules/roles/manifests/bgp.pp
+++ b/
modules/roles/manifests/bgp.pp
@@
-1,7
+1,8
@@
class roles::bgp {
$bgp_peers = $::hostname ? {
class roles::bgp {
$bgp_peers = $::hostname ? {
- bilbao => '2001:41c9:2:13c::/128 89.16.162.0/32',
- default => undef,
+ mirror-accumu => '2001:6b0:1e:2::1c6/128 130.242.6.198/32',
+ mirror-skroutz => '2a03:e40:42:200::151:1/128 2a03:e40:42:200::151:2/128 154.57.0.249/32 154.57.0.250',
+ default => undef,
}
if ! $bgp_peers {
}
if ! $bgp_peers {
@@
-11,6
+12,11
@@
class roles::bgp {
@ferm::rule { 'dsa-bgp':
description => 'Allow BGP from peers',
domain => '(ip ip6)',
@ferm::rule { 'dsa-bgp':
description => 'Allow BGP from peers',
domain => '(ip ip6)',
- rule =>
'&SERVICE_RANGE(tcp, ssh, $bgp_peers)'
+ rule =>
"&SERVICE_RANGE(tcp, bgp, ($bgp_peers))"
}
}
+
+ file { '/etc/network/interfaces.d/anycasted':
+ content => template('roles/anycast/interfaces.erb')
+ }
+
}
}