remove old-style ssh firewalling setup for mirrors/syncproxies

[mirror/dsa-puppet.git] / modules / ferm / templates / me.conf.erb

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index 6bd95df..829d71a 100644 (file)
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -40,31 +40,6 @@ if should_restrict then
                ssh4allowed << %w{$HOST_DEBIAN_V4}
                ssh6allowed << %w{$HOST_DEBIAN_V6}
        end
-
-       if scope.function_has_role(['debian_mirror']) or
-          scope.function_has_role(['syncproxy']) then
-               ssh4allowed << '$HOST_SYNCPROXY_V4'
-               ssh6allowed << '$HOST_SYNCPROXY_V6'
-       end
-       if scope.function_has_role(['security_mirror']) or
-          scope.function_has_role(['syncproxy']) then
-               ssh4allowed << '$HOST_SECMASTER_V4'
-               ssh6allowed << '$HOST_SECMASTER_V6'
-       end
-       if scope.function_has_role(['historical_mirror']) then
-               ssh4allowed << '$HOST_ARCHIVEMASTER_V4'
-               ssh6allowed << '$HOST_ARCHIVEMASTER_V6'
-       end
-       if scope.function_has_role(['syncproxy']) then
-               ssh4allowed << '$HOST_FTPMASTER_V4'
-               ssh6allowed << '$HOST_FTPMASTER_V6'
-               ssh4allowed << '$HOST_PORTSMASTER_V4'
-               ssh6allowed << '$HOST_PORTSMASTER_V6'
-       end
-       if scope.function_has_role(['debug_mirror']) then
-               ssh4allowed << '$HOST_FTPMASTER_V4'
-               ssh6allowed << '$HOST_FTPMASTER_V6'
-       end
 end
 ssh4allowed.length == 0 and ssh4allowed << '0.0.0.0/0'
 ssh6allowed.length == 0 and ssh6allowed << '::/0'