X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;ds=sidebyside;f=modules%2Fferm%2Ffiles%2Fdefs.conf;h=d049e1996c053d1892a46cb5e68047d8ab763e9f;hb=ccbbcfdfc303c62d2e7d6547df6e3b33d4624403;hp=199034c11638629a483d266a9a0d7fe10f84752c;hpb=bf8fb059cf46f8c8a74b55b970b97038925dc75b;p=mirror%2Fdsa-puppet.git
diff --git a/modules/ferm/files/defs.conf b/modules/ferm/files/defs.conf
index 199034c11..d049e1996 100644
--- a/modules/ferm/files/defs.conf
+++ b/modules/ferm/files/defs.conf
@@ -1,34 +1,39 @@
-@def &SERVICE($proto, $port) = {
- domain (ip ip6) chain INPUT proto $proto dport $port ACCEPT;
-}
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
-@def &V4_SERVICE($proto, $port) = {
- domain ip chain INPUT proto $proto dport $port ACCEPT;
-}
-
-@def &V6_SERVICE($proto, $port) = {
- domain ip6 chain INPUT proto $proto dport $port ACCEPT;
+@def &SERVICE($proto, $port) = {
+ proto $proto mod state state (NEW) dport $port ACCEPT;
 }
-@def &V4_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip chain INPUT proto $proto dport $port saddr $srange ACCEPT;
+@def &SERVICE_RANGE($proto, $port, $srange) = {
+ proto $proto mod state state (NEW) dport $port saddr ($srange) ACCEPT;
 }
-@def &V6_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip6 chain INPUT proto $proto dport $port saddr $srange ACCEPT;
+@def &TCP_UDP_SERVICE($port) = {
+ proto tcp mod state state (NEW) dport $port ACCEPT;
+ proto udp mod state state (NEW) dport $port ACCEPT;
 }
-@def $HOST_MUNIN = (192.25.206.57 192.25.206.33);
-@def $HOST_NAGIOS = (192.25.206.57 192.25.206.33);
+@def $HOST_MUNIN = (192.25.206.33);
+@def $HOST_NAGIOS = (206.12.19.118);
-@def $sgran = (91.103.132.25);
-@def $weasel = ();
+@def $sgran = (91.103.132.24/29);
+@def $weasel = ()
+@def $weasel = ($weasel 86.59.118.144/28); # debian@sil
+@def $weasel = ($weasel 86.59.21.32/29); # anguilla1
+@def $weasel = ($weasel 86.59.30.32/28); # anguilla2
+@def $weasel = ($weasel 141.201.27.0/24); # came
+@def $weasel = ($weasel 62.99.152.178); # argos.campus-sbg
 @def $zobel = ();
 @def $luca = ();
 @def $DSA_IPS = ($sgran $weasel $zobel $luca);
-@def $sgran6 = (2001:4b10:100b::dead:f00d);
+@def $sgran6 = (2001:4b10:100b::/48);
 @def $weasel6 = ();
+@def $weasel6 = ($weasel6 2001:826:408:200::/56); # came
+@def $weasel6 = ($weasel6 2001:858:10f::/48); # anguilla
 @def $zobel6 = ();
 @def $luca6 = ();
 @def $DSA_V6_IPS = 
($sgran6 $weasel6 $zobel6 $luca6);
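Review bot: The added line `@def $weasel = ()` has no terminating `;`, unlike every other `@def` in the hunk, so ferm will most likely refuse to parse defs.conf and the Puppet-distributed ruleset will not load; it should read `@def $weasel = ();`. Separately, `$sgran` and `$sgran6` grow from single hosts to `91.103.132.24/29` and `2001:4b10:100b::/48`, and `$weasel` gains a whole `141.201.27.0/24`, all of which feed `$DSA_IPS` / `$DSA_V6_IPS`; if those lists gate administrative access, each prefix should be confirmed as fully controlled by the named admin or narrowed to the hosts actually used. The rewritten `&SERVICE` helpers no longer set `domain` or `chain INPUT` and match only `state (NEW)`, so they rely on every caller wrapping them in the intended chain and on an ESTABLISHED/RELATED accept rule elsewhere, neither of which is visible in this hunk; a short comment above the helpers stating that requirement would help.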