}
case $::hostname {
+ casulana: {
+ @ferm::rule { 'dsa-cloud-builds-br1-in':
+ description => 'br1 virtual machines - in',
+ table => 'filter',
+ chain => 'INPUT',
+ rule => 'interface br1 ACCEPT'
+ }
+ @ferm::rule { 'dsa-cloud-builds-br1-nat':
+ description => 'br1 virtual machines - nat',
+ table => 'nat',
+ chain => 'POSTROUTING',
+ rule => 'saddr 172.16.1.0/24 outerface bond0.21 MASQUERADE'
+ }
+ }
czerny,clementi: {
@ferm::rule { 'dsa-upsmon':
description => 'Allow upsmon access',
}
danzi: {
@ferm::rule { 'dsa-postgres-danzi':
- # ubc, wuit
+ # ubc, wuiet
description => 'Allow postgress access',
rule => '&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 209.87.16.0/24 5.153.231.18/32 ))'
}
@ferm::rule { 'dsa-postgres2-danzi':
description => 'Allow postgress access2',
- rule => '&SERVICE_RANGE(tcp, 5437, ( 206.12.19.0/24 209.87.16.0/24 ))'
+ rule => '&SERVICE_RANGE(tcp, 5434, ( 209.87.16.0/24 ))'
}
- @ferm::rule { 'dsa-postgres3-danzi':
- description => 'Allow postgress access3',
- rule => '&SERVICE_RANGE(tcp, 5436, ( 206.12.19.0/24 209.87.16.0/24 ))'
- }
- @ferm::rule { 'dsa-postgres4-danzi':
- description => 'Allow postgress access4',
- rule => '&SERVICE_RANGE(tcp, 5438, ( 206.12.19.0/24 209.87.16.0/24 ))'
- }
-
- @ferm::rule { 'dsa-postgres-backup':
- description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5433, ( $HOST_PGBACKUPHOST_V4 ))'
- }
- @ferm::rule { 'dsa-postgres-backup6':
- domain => 'ip6',
- description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5433, ( $HOST_PGBACKUPHOST_V6 ))'
+ @ferm::rule { 'dsa-postgres2-danzi6':
+ domain => 'ip6',
+ description => 'Allow postgress access2',
+ rule => '&SERVICE_RANGE(tcp, 5434, ( 2607:f8f0:614:1::/64 ))'
}
}
seger: {
projects / mirror / dsa-puppet.git / blobdiff