case $mta {
"exim4": {
case extractnodeinfo($nodeinfo, 'heavy_exim') {
- true: { include exim::mx }
+ 'true': { include exim::mx }
default: { include exim }
}
}
case $kernel {
Linux: {
include ferm
- @ferm::rule { "dsa-hook-nf_conntrack_ftp":
- rule => "@hook pre 'modprobe nf_conntrack_ftp || true'",
- description => "let's load nf_conntrack_ftp" ; }
}
}
}
logtest01,geo1,geo2,geo3,bartok,senfl,beethoven,piatti,saens,villa,lobos,raff,gluck,schein,wieck,steffani,ball,handel,tchaikovsky: { include ferm }
}
case $hostname {
+ zandonai,zelenka: {
+ @ferm::rule { "dsa-zivit-rrdcollect":
+ description => "port 6666 for rrdcollect for zivit",
+ rule => "&SERVICE_RANGE(tcp, 6666, ( 10.130.18.71 ))"
+ }
+ @ferm::rule { "dsa-zivit-zabbix":
+ description => "port 10050 for zabbix for zivit",
+ rule => "&SERVICE_RANGE(tcp, 10050, ( 10.130.18.76 ))"
+ }
+ }
piatti: {
@ferm::rule { "dsa-udd-stunnel":
description => "port 8080 for udd stunnel",
rule => "&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V6)"
}
}
+ beethoven: {
+ @ferm::rule { "dsa-merikanto-beethoven":
+ description => "Allow merikanto", # for nfs, and that uses all kind of ports by default.
+ rule => "source 172.22.127.147 interface bond0 jump ACCEPT",
+ }
+ }
}
case $brokenhosts {
projects / mirror / dsa-puppet.git / blobdiff