Try some nat/redirect magic on sibelius

[mirror/dsa-puppet.git] / modules / ferm / manifests / per-host.pp

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 890de74..a4ab0d9 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -114,7 +114,7 @@ class ferm::per-host {
                     source => "puppet:///ferm/conntrack_sip.conf",
                     require => Package["ferm"],
                     notify  => Exec["ferm restart"];
-            },
+            }
             @ferm::rule { "dsa-sip":
                     domain          => "(ip ip6)",
                     description     => "Allow sip access",
@@ -195,6 +195,20 @@ class ferm::per-host {
             }
         }
     }
+
+    # redirect snapshot into varnish
+    case $hostname {
+        sibelius: {
+            @ferm::rule { "dsa-snapshot-varnish":
+                rule            => '&SERVICE(tcp, 11371)'
+            }
+            @ferm::rule { "dsa-snapshot-varnish":
+                table           => 'nat'
+                chain           => 'PREROUTING'
+                rule            => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081'
+            }
+        }
+    }
 }
 
 # vim:set et: