include ferm::zivit
}
- if $::hostname in [glinka] {
+ if $::hostname in [glinka,gretchaninov] {
ferm::rule { 'dsa-rsync':
domain => '(ip ip6)',
description => 'Allow rsync access',
rule => '&SERVICE_RANGE(tcp, 5452, ( 2001:41c8:1000:21::21:28/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:11/32 2001:41c8:1000:21::21:21/128 ))'
}
}
+ fasolo: {
+ @ferm::rule { 'dsa-postgres-fasolo':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.10/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-fasolo6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))'
+ }
+
+ @ferm::rule { 'dsa-postgres-backup':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( $HOST_PGBACKUPHOST_V4 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( $HOST_PGBACKUPHOST_V6 ))'
+ }
+ }
franck: {
@ferm::rule { 'dsa-postgres-franck':
description => 'Allow postgress access',
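Review bot: The unchanged rule line in the leading context of this hunk lists `2001:41c8:1000:21::21:11/32` next to three /128 entries. On an IPv6 address a /32 mask admits the whole 2001:41c8::/32 allocation to tcp/5452, so this looks like an IPv4-style host mask that was meant to be `/128`. That rule starts outside the hunk, so confirm which service it guards before tightening it. In the added fasolo block all four rules carry the same description, 'Allow postgress access' (misspelled), which makes the exceptions hard to tell apart in an audit. Something like `description => 'Allow postgres access from the backup host'` on the two `$HOST_PGBACKUPHOST_*` rules, and the peer's name on the two literal-address rules, would record who each one is for.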
rule => 'outerface !tun+ mod mark mark 1 MASQUERADE',
}
}
- ubc-enc2bl1,ubc-enc2bl2,ubc-enc2bl9,ubc-enc2bl10: {
+ ubc-enc2bl01,ubc-enc2bl2,ubc-enc2bl9,ubc-enc2bl10: {
@ferm::rule { 'dsa-luca-fixme':
description => 'Allow ssh access from mnt and vpn networks',
rule => '&SERVICE_RANGE(tcp, 22, ( 172.29.40.0/22 172.29.203.0/24 ))',
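Review bot: Only the first selector was zero-padded: the new line reads `ubc-enc2bl01,ubc-enc2bl2,ubc-enc2bl9,ubc-enc2bl10`, so `bl01` now follows a different naming pattern from `bl2` and `bl9`. If these selectors are matched against the node's hostname, as they appear to be, an entry that matches no node silently leaves that machine without the ssh rule below. It is worth checking against the real node names whether the other entries need the same padding. A short comment above the selector, e.g. `# only bl01 is zero-padded; the other blades keep their unpadded names`, would record that the mix is intentional. The rule body continues outside the hunk.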