}
}
}
+
+ # Send connections to the port to the pg-backup chain
+ # there, the register_backup_clienthost class will have
+ # realized the exported allows from the backup servers.
+ #
+ # Any non-matching traffic will fall through and it can
+ # be allowed elsewhere
ferm::rule::simple { "dsa-postgres-backup-${pg_port}":
- description => 'Allow postgress access from backup host',
+ description => 'Check for postgres access from backup host',
port => $pg_port,
- saddr => $backup_servers_addrs,
+ target => 'pg-backup',
}
postgres::backup_server::register_backup_cluster { "backup-role-${::fqdn}}-${pg_port}":