projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Switch bacula director->client firewalling to store/collect
[mirror/dsa-puppet.git] / modules / bacula / manifests / client.pp
diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp
index 08502b7..5a8f41f 100644 (file)
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -24,6 +24,11 @@ class bacula::client(
           | EOF
       tag     => $bacula::tag_bacula_dsa_client_list,
     }
+
+    # allow access from director
+    Ferm::Rule::Simple <<| tag == 'bacula::director-to-fd' |>> {
+      port => $bacula::bacula_client_port
+    }
   } elsif $ensure == 'absent' {
     file { '/etc/bacula':
       ensure  => absent,
@@ -96,10 +101,4 @@ class bacula::client(
       ensure  => absent,
     }
   }
-
-  ferm::rule { 'dsa-bacula-fd':
-    domain      => '(ip ip6)',
-    description => 'Allow bacula access from storage and director',
-    rule        => "proto tcp mod state state (NEW) dport (${bacula::bacula_client_port}) saddr (${bacula::bacula_director_ip_addrs}) ACCEPT",
-  }
 }
Unnamed repository; edit this file 'description' to name the repository.