rule => '&SERVICE_RANGE(tcp, 3493, ( 82.195.75.64/26 192.168.43.0/24 ))'
}
}
- lotti,loghost-grnet-01,loghost-osuosl-01: {
- @ferm::rule { 'dsa-syslog':
- description => 'Allow syslog access',
- rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V4)'
- }
- @ferm::rule { 'dsa-syslog-v6':
- domain => 'ip6',
- description => 'Allow syslog access',
- rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V6)'
- }
- @ferm::rule { 'fastly-syslog':
- description => 'Allow syslog access',
- rule => '&SERVICE_RANGE(tcp, 5141, $HOST_FASTLY)'
- }
- }
kaufmann: {
@ferm::rule { 'dsa-hkp':
domain => '(ip ip6)',
${ join(getfromhash($site::allnodeinfo, 'ticharich.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'petrova.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'ullmann.debian.org', 'ipHostNumber'), " ") }
- ${ join(getfromhash($site::allnodeinfo, 'olin.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'wuiet.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'quantz.debian.org', 'ipHostNumber'), " ") }
${ join(getfromhash($site::allnodeinfo, 'respighi.debian.org', 'ipHostNumber'), " ") }
}
}
ubc-enc2bl01,ubc-enc2bl02,ubc-enc2bl09,ubc-enc2bl10: {
- @ferm::rule { 'dsa-luca-fixme':
- description => 'Allow ssh access from mnt and vpn networks',
+ @ferm::rule { 'dsa-ssh-priv':
+ description => 'Allow ssh access',
rule => '&SERVICE_RANGE(tcp, 22, ( 172.29.40.0/22 172.29.203.0/24 ))',
}
}
+ ubc-node-arm01,ubc-node-arm02,ubc-node-arm03: {
+ @ferm::rule { 'dsa-ssh-priv':
+ description => 'Allow ssh access',
+ rule => '&SERVICE_RANGE(tcp, 22, ( 172.29.43.240 ))',
+ }
+ }
default: {}
}
# tftp
projects / mirror / dsa-puppet.git / blobdiff