}
case $hostname {
- chopin,franck,gluck,kaufmann,kassia,klecker,lobos,merikanto,morricone,raff,ravel,ries,rietz,saens,schein,senfl,stabile,steffani,valente,villa,wieck: {
+ chopin,franck,gluck,kaufmann,kassia,klecker,lobos,merikanto,merkel,morricone,raff,ravel,ries,rietz,saens,schein,senfl,stabile,steffani,valente,villa,wieck,wolkenstein: {
include ferm::rsync
}
}
rule => "&SERVICE_RANGE(tcp, rsync, ( 195.20.242.90 192.25.206.33 82.195.75.106 206.12.19.118 ))"
}
}
- heininen: {
+ heininen,lotti: {
@ferm::rule { "dsa-syslog":
description => "Allow syslog access",
rule => "&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V4)"
source ($HOST_MAILRELAY_V4 $HOST_NAGIOS_V4) proto tcp dport 25 ACCEPT;
source ($HOST_MUNIN_V4 $HOST_NAGIOS_V4) proto tcp dport 4949 ACCEPT;
source ($HOST_NAGIOS_V4) proto tcp dport 5666 ACCEPT;
- source ($HOST_NAGIOS_V4) proto udp dport ntp ACCEPT;
+ source ($HOST_NAGIOS_V4) proto udp dport ntp ACCEPT
'
}
@ferm::rule { "dsa-from-kfreebsd":
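Review bot: With the trailing `;` removed from `source ($HOST_NAGIOS_V4) proto udp dport ntp ACCEPT`, the last statement of this `rule` string is only terminated if the `ferm::rule` define or its template appends the `;` itself, and neither is visible in this diff. The same removal is made on the `(25 submission)` line of `dsa-from-kfreebsd` and on both `REJECT reject-with icmp-admin-prohibited` lines in the forward chains further down. ferm expects each rule to be terminated, so if nothing else adds the terminator the generated file would presumably fail to parse and the new ruleset would not load; running `ferm --noexec --lines` on the generated configuration of one affected host before rollout would confirm. A comment at the define, for example `# rule text must not end in ';' - the template appends it`, would keep later edits from reintroducing the mismatch. The resource this statement belongs to starts outside the hunk.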
proto tcp dport (21 22 80 53 443) ACCEPT;
proto udp dport (53 123) ACCEPT;
proto tcp dport 8140 daddr 82.195.75.104 ACCEPT; # puppethost
- proto tcp dport 5140 daddr 82.195.75.98 ACCEPT; # loghost
- proto tcp dport (25 submission) daddr ($HOST_MAILRELAY_V4) ACCEPT;
+ proto tcp dport 5140 daddr (82.195.75.98 206.12.19.121) ACCEPT; # loghost
+ proto tcp dport (25 submission) daddr ($HOST_MAILRELAY_V4) ACCEPT
'
}
}}
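Review bot: The second loghost is added as a bare literal in `daddr (82.195.75.98 206.12.19.121)`, while the receiving side is selected by host name (`heininen,lotti`) and the mail-relay line right below it already uses a variable (`$HOST_MAILRELAY_V4`). Two independently maintained lists can drift: a guest loses its log path when a loghost is added in only one place, or a retired address stays permitted for egress on port 5140. Defining the loghost addresses once and referencing them here, e.g. `daddr ($LOGHOSTS_V4)` (placeholder name, not an existing variable), would keep both sides in step. That 206.12.19.121 belongs to lotti is inferred from the commit, not shown, so a `# loghost: heininen, lotti` comment on the line would help the next reader. The `rule` string starts outside the hunk.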
interface vlan11 outerface eth0 jump from-kfreebsd;
interface eth0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
ULOG ulog-prefix "REJECT FORWARD: ";
- REJECT reject-with icmp-admin-prohibited;
+ REJECT reject-with icmp-admin-prohibited
'
}
}
interface br2 outerface br0 jump from-kfreebsd;
interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
ULOG ulog-prefix "REJECT FORWARD: ";
- REJECT reject-with icmp-admin-prohibited;
+ REJECT reject-with icmp-admin-prohibited
'
}
}