rule => "&SERVICE(tcp, 636)"
}
}
+ cilea: {
+ file {
+ "/etc/ferm/conf.d/load_sip_conntrack.conf":
+ source => "puppet:///ferm/conntrack_sip.conf",
+ require => Package["ferm"],
+ notify => Exec["ferm restart"];
+ }
+ @ferm::rule { "dsa-sip":
+ domain => "(ip ip6)",
+ description => "Allow sip access",
+ rule => "&TCP_UDP_SERVICE(5060)"
+ }
+ @ferm::rule { "dsa-sipx":
+ domain => "(ip ip6)",
+ description => "Allow sipx access",
+ rule => "&TCP_UDP_SERVICE(5080)"
+ }
+ }
}
}
}
}
+
+ # redirect snapshot into varnish
+ case $hostname {
+ sibelius: {
+ @ferm::rule { "dsa-snapshot-varnish":
+ rule => '&SERVICE(tcp, 6081)',
+ }
+ @ferm::rule { "dsa-nat-snapshot-varnish":
+ table => 'nat',
+ chain => 'PREROUTING',
+ rule => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081',
+ }
+ }
+ }
}
# vim:set et: