typo

[mirror/dsa-puppet.git] / modules / ferm / manifests / per_host.pp

diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index 8fd0d07..1c1bc57 100644 (file)
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -3,7 +3,17 @@ class ferm::per_host {
                include ferm::zivit
        }
 
+       if (getfromhash($site::nodeinfo, 'hoster', 'name') == "aql") {
+               include ferm::aql
+       }
+
        case $::hostname {
+               vittoria: {
+                       @ferm::rule { 'debconf17':
+                               description     => 'temporarily allow DC17 access',
+                               rule            => '&SERVICE_RANGE(tcp, 5432, (206.167.36.195/32))'
+                       }
+               }
                czerny,clementi: {
                        @ferm::rule { 'dsa-upsmon':
                                description     => 'Allow upsmon access',
@@ -225,12 +235,12 @@ class ferm::per_host {
                        @ferm::rule { 'dsa-postgres-bacula':
                                # dinis
                                description     => 'Allow postgress access1',
-                               rule            => '&SERVICE_RANGE(tcp, 5437, ( 5.153.231.19/32 ))'
+                               rule            => '&SERVICE_RANGE(tcp, 5437, ( 5.153.231.19/32 93.94.130.161/32 ))'
                        }
                        @ferm::rule { 'dsa-postgres-bacula6':
                                domain          => 'ip6',
                                description     => 'Allow postgress access1',
-                               rule            => '&SERVICE_RANGE(tcp, 5437, ( 2001:41c8:1000:21::21:19/128 ))'
+                               rule            => '&SERVICE_RANGE(tcp, 5437, ( 2001:41c8:1000:21::21:19/128 2a02:158:380:280::161/128 ))'
                        }
 
                        @ferm::rule { 'dsa-postgres-backup':