groups => 'ssl-cert'
}
- @ferm::rule { 'rabbitmq':
+ ferm::rule { 'rabbitmq':
description => 'rabbitmq connections',
rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)'
}
- @ferm::rule { 'rabbitmq-v6':
+ ferm::rule { 'rabbitmq-v6':
domain => 'ip6',
description => 'rabbitmq connections',
rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)'
}
- @ferm::rule { 'rabbitmq-adm':
- description => 'rabbitmq connections',
- rule => '&SERVICE_RANGE(tcp, 5671, $DSA_IPS)'
- }
-
- @ferm::rule { 'rabbitmq-v6-adm':
- domain => 'ip6',
- description => 'rabbitmq connections',
- rule => '&SERVICE_RANGE(tcp, 5671, $DSA_V6_IPS)'
- }
-
if $::hostname == $cc_master {
$you = '5.153.231.15'
$you6 = '2001:41c8:1000:21::21:15'
$you6 = '2001:41c8:1000:21::21:16'
}
- @ferm::rule { 'rabbitmq_cluster':
+ ferm::rule { 'rabbitmq_cluster':
domain => 'ip',
description => 'rabbitmq cluster connections',
rule => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
}
- @ferm::rule { 'rabbitmq_cluster_v6':
+ ferm::rule { 'rabbitmq_cluster_v6':
domain => 'ip6',
description => 'rabbitmq cluster connections',
rule => "proto tcp mod state state (NEW) saddr (${you6}) ACCEPT"
}
- @ferm::rule { 'rabbitmq_mgmt':
- description => 'rabbitmq cluster connections',
- rule => '&SERVICE_RANGE(tcp, 15671, $DSA_IPS)'
- }
- @ferm::rule { 'rabbitmq_mgmt_v6':
- domain => '(ip6)',
- description => 'rabbitmq cluster connections',
- rule => '&SERVICE_RANGE(tcp, 15671, $DSA_V6_IPS)'
- }
}
projects / mirror / dsa-puppet.git / blobdiff