rule => '&SERVICE_RANGE(tcp, 3493, ( 82.195.75.64/26 192.168.43.0/24 ))'
}
}
- lotti,lully,loghost-grnet-01: {
+ lotti,loghost-grnet-01,loghost-osuosl-01: {
@ferm::rule { 'dsa-syslog':
description => 'Allow syslog access',
rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V4)'
${ join(getfromhash($site::allnodeinfo, 'master.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'coccia.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
))
| EOF
}
${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'usper.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($site::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
))
| EOF
}
domain => '(ip ip6)',
rule => @("EOF"/$)
&SERVICE_RANGE(tcp, 5436, (
+ ${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
\$HOST_PGBACKUPHOST
}
}
sallinen: {
- @ferm::rule { 'dsa-postgres-backup':
- description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5473, ( $HOST_PGBACKUPHOST_V4 ))'
- }
- @ferm::rule { 'dsa-postgres-backup6':
- domain => 'ip6',
- description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5473, ( $HOST_PGBACKUPHOST_V6 ))'
- }
- @ferm::rule { 'dsa-postgres-replication':
- description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5473, ( 185.17.185.187/32 ))'
- }
- @ferm::rule { 'dsa-postgres-replication6':
- domain => 'ip6',
+ @ferm::rule { 'dsa-postgres':
description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5473, ( 2001:1af8:4020:b030:deb::187/128 ))'
+ domain => '(ip ip6)',
+ rule => @("EOF"/$)
+ &SERVICE_RANGE(tcp, 5473, (
+ ${ join(getfromhash($site::allnodeinfo, 'lw07.debian.org', 'ipHostNumber'), " ") }
+ ${ join(getfromhash($site::allnodeinfo, 'snapshotdb-manda-01.debian.org', 'ipHostNumber'), " ") }
+ \$HOST_PGBACKUPHOST
+ ))
+ | EOF
}
}
lw07: {
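Review bot: The merged `dsa-postgres` rule for sallinen keeps the generic `description => 'Allow postgress access'`, yet it now admits snapshotdb-manda-01, a source that none of the four removed rules named, alongside lw07 and `$HOST_PGBACKUPHOST`. I would name the sources in the description so the widened allowlist is visible to whoever audits the generated ferm config, e.g. `description => 'Allow postgres access from the backup host, lw07 and snapshotdb-manda-01',`. The removed replication rules pinned `185.17.185.187/32` and `2001:1af8:4020:b030:deb::187/128`, while the new rule allows every `ipHostNumber` value recorded for the two hosts. Whether those values are exactly the old literals is not visible here, so it is worth checking the node data before this is deployed.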
rule => '&SERVICE_RANGE(tcp, 5439, ( 2001:1af8:4020:b030::/64 ))'
}
}
+ snapshotdb-manda-01: {
+ @ferm::rule { 'dsa-postgres-snapshot':
+ domain => '(ip ip6)',
+ description => 'Allow postgress access from leaseweb (lw07 and friends)',
+ rule => '&SERVICE_RANGE(tcp, 5442, ( 185.17.185.176/28 2001:1af8:4020:b030::/64 ))'
+ }
+ }
default: {}
}
# vpn fu
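Review bot: The new `dsa-postgres-snapshot` rule opens tcp/5442 on snapshotdb-manda-01 to the whole of `185.17.185.176/28` and `2001:1af8:4020:b030::/64`, whereas the sallinen rule changed in this same commit lists its peers individually through `getfromhash($site::allnodeinfo, ..., 'ipHostNumber')`. If only lw07 and a known set of hosts need this cluster, listing them the same way would keep every other machine in those ranges away from the PostgreSQL port. If the range is intentional, a short comment above the rule such as `# whole leaseweb range on purpose: <reason>` would record that decision. The description could also spell the service name `postgres`.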