try to setup firewall rules for bgp on bilbao
[mirror/dsa-puppet.git] / modules / roles / manifests / bgp.pp
diff --git a/modules/roles/manifests/bgp.pp b/modules/roles/manifests/bgp.pp
new file mode 100644 (file)
index 0000000..d3fbb39
--- /dev/null
@@ -0,0 +1,16 @@
+class roles::bgp {
+       $bgp_peers = $::hostname ? {
+               bilbao    => '2001:41c9:2:13c::/128 89.16.162.0/32',
+               default    => undef,
+       }
+
+       if ! $bgp_peers {
+               fail("Do not have bgp_peers set for $::hostname.")
+       }
+
+       @ferm::rule { 'dsa-bgp':
+               description => 'Allow BGP from peers',
+               domain      => '(ip ip6)',
+               rule        => '&SERVICE_RANGE(tcp, ssh, $bgp_peers)'
+       }
+}
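Review bot: The `rule` line of `dsa-bgp` names the `ssh` service although the description says "Allow BGP from peers", so as written it would open port 22 to the peer addresses and leave 179/tcp closed. The same line is single-quoted, so Puppet passes the literal text `$bgp_peers` through to ferm instead of the addresses chosen by the selector, and ferm would then look for a variable of its own by that name. I would change it to `rule => "&SERVICE_RANGE(tcp, bgp, ${bgp_peers})"`. The definition of `&SERVICE_RANGE` is not visible here, so confirm that it accepts a space-separated list mixing IPv4 and IPv6 under `domain => '(ip ip6)'` without list parentheses. The resource is virtual (`@ferm::rule`), so also check that it is realized somewhere for this host.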