source => "puppet:///ferm/conntrack_sip.conf",
require => Package["ferm"],
notify => Exec["ferm restart"];
- },
+ }
@ferm::rule { "dsa-sip":
domain => "(ip ip6)",
description => "Allow sip access",
}
}
}
+
+ # redirect snapshot into varnish
+ case $hostname {
+ sibelius: {
+ @ferm::rule { "dsa-snapshot-varnish":
+ rule => '&SERVICE(tcp, 6081)',
+ }
+ @ferm::rule { "dsa-nat-snapshot-varnish":
+ table => 'nat',
+ chain => 'PREROUTING',
+ rule => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081',
+ }
+ }
+ stabile: {
+ @ferm::rule { "dsa-snapshot-varnish":
+ rule => '&SERVICE(tcp, 6081)',
+ }
+ @ferm::rule { "dsa-nat-snapshot-varnish":
+ table => 'nat',
+ chain => 'PREROUTING',
+ rule => 'proto tcp daddr 206.12.19.150 dport 80 REDIRECT to-ports 6081',
+ }
+ }
+ }
}
# vim:set et: