I think this ferm rule is no longer needed
[mirror/dsa-puppet.git] / modules / ferm / manifests / per-host.pp
index b9dbbc0..dc8dfbd 100644 (file)
@@ -87,11 +87,11 @@ class ferm::per-host {
            }
         }
        draghi: {
-            @ferm::rule { "dsa-bind":
-                    domain          => "(ip ip6)",
-                    description     => "Allow nameserver access",
-                    rule            => "&TCP_UDP_SERVICE(53)"
-            }
+            #@ferm::rule { "dsa-bind":
+            #        domain          => "(ip ip6)",
+            #        description     => "Allow nameserver access",
+            #        rule            => "&TCP_UDP_SERVICE(53)"
+            #}
             @ferm::rule { "dsa-finger":
                     domain          => "(ip ip6)",
                     description     => "Allow finger access",
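Review bot: The `dsa-bind` rule for draghi is left in the manifest as five commented-out lines with no reason recorded, so a later reader cannot tell whether port 53 was closed deliberately or is waiting to be re-enabled. Delete the block and let the history carry it, or keep a single line such as `# dsa-bind (53/tcp+udp) dropped: <reason>`. Because the commit title is tentative, it is worth confirming that nothing on draghi still answers DNS before this is applied. The `draghi` branch starts and ends outside the hunk.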
@@ -111,7 +111,7 @@ class ferm::per-host {
        cilea: {
             file {
                 "/etc/ferm/conf.d/load_sip_conntrack.conf":
-                    source => "puppet:///ferm/conntrack_sip.conf",
+                    source => "puppet:///modules/ferm/conntrack_sip.conf",
                     require => Package["ferm"],
                     notify  => Exec["ferm restart"];
             }
@@ -200,7 +200,7 @@ class ferm::per-host {
     case $hostname {
         sibelius: {
             @ferm::rule { "dsa-snapshot-varnish":
-                rule            => '&SERVICE(tcp, 11371)',
+                rule            => '&SERVICE(tcp, 6081)',
             }
             @ferm::rule { "dsa-nat-snapshot-varnish":
                 table           => 'nat',
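Review bot: `dsa-snapshot-varnish` now opens tcp/6081 with no `description` and no `domain`, and the commit title does not mention the port change from 11371. If `&SERVICE` accepts from any source, as its name suggests, the varnish port is reachable directly as well as through the port-80 REDIRECT. Traffic redirected in PREROUTING reaches the filter with dport 6081, so the rule is probably needed, but the resource should say so, e.g. `description => "Allow varnish (target of the port 80 redirect)",`. The same applies to the `stabile` copy added in the last hunk. The `dsa-nat-snapshot-varnish` resource continues outside this hunk.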
@@ -208,6 +208,16 @@ class ferm::per-host {
                 rule            => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081',
             }
         }
+        stabile: {
+            @ferm::rule { "dsa-snapshot-varnish":
+                rule            => '&SERVICE(tcp, 6081)',
+            }
+            @ferm::rule { "dsa-nat-snapshot-varnish":
+                table           => 'nat',
+                chain           => 'PREROUTING',
+                rule            => 'proto tcp daddr 206.12.19.150 dport 80 REDIRECT to-ports 6081',
+            }
+        }
     }
 }
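Review bot: The new `stabile` branch is a copy of the `sibelius` branch that differs only in the literal `daddr`, so the two will drift when one is edited. Consider a single branch `sibelius, stabile: {` with the address taken from a per-host variable or fact instead of the hard-coded `206.12.19.150`. If the host is renumbered, the hard-coded REDIRECT rule would stay in place but never match. The NAT rule also sets no `domain`, so a comment should state whether it is meant for IPv4 only.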