Revert "Allow all from vlan20"

[mirror/dsa-puppet.git] / modules / ferm / manifests / per-host.pp

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index b1e858e..d6c59dc 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -85,6 +85,16 @@ class ferm::per-host {
                                description     => 'Allow postgress access4',
                                rule            => '&SERVICE_RANGE(tcp, 5438, ( 206.12.19.0/24 ))'
                        }
+
+                       @ferm::rule { 'dsa-postgres-bacula-danzi':
+                               description     => 'Allow postgress access1',
+                               rule            => '&SERVICE_RANGE(tcp, 5434, ( 206.12.19.139/32 ))'
+                       }
+                       @ferm::rule { 'dsa-postgres-bacula-danzi6':
+                               domain          => 'ip6',
+                               description     => 'Allow postgress access1',
+                               rule            => '&SERVICE_RANGE(tcp, 5434, ( 2607:f8f0:610:4000:6564:a62:ce0c:138b/128 ))'
+                       }
                }
                abel,alwyn,rietz: {
                        @ferm::rule { 'dsa-tftp':
@@ -293,12 +303,4 @@ REJECT reject-with icmp-admin-prohibited
                }
                default: {}
        }
-       case $::hostname {
-               bm-bl1,bm-bl2,bm-bl3,bm-bl4,bm-bl5,bm-bl6,bm-bl7,bm-bl8,bm-bl9,bm-bl10,bm-bl11,bm-bl12,bm-bl13,bm-bl14: {
-                       @ferm::rule { 'dsa-hwnet-vlan20':
-                               rule            => 'interface vlan20 jump ACCEPT',
-                       }
-               }
-               default: {}
-       }
 }