X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Ffiles%2Fdefs.conf;h=d049e1996c053d1892a46cb5e68047d8ab763e9f;hb=ccbbcfdfc303c62d2e7d6547df6e3b33d4624403;hp=329d7ed79c176322587862f462951f0e234dc35d;hpb=4b22086f6f79221555bcaab12b4553ae232b8f9d;p=mirror%2Fdsa-puppet.git
diff --git a/modules/ferm/files/defs.conf b/modules/ferm/files/defs.conf
index 329d7ed79..d049e1996 100644
--- a/modules/ferm/files/defs.conf
+++ b/modules/ferm/files/defs.conf
@@ -1,28 +1,39 @@
-@def &SERVICE($proto, $port) = {
- domain (ip ip6) chain INPUT proto $proto dport $port ACCEPT;
-}
-
-@def &V4_SERVICE($proto, $port) = {
- domain ip chain INPUT proto $proto dport $port ACCEPT;
-}
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
-@def &V6_SERVICE($proto, $port) = {
- domain ip6 chain INPUT proto $proto dport $port ACCEPT;
+@def &SERVICE($proto, $port) = {
+ proto $proto mod state state (NEW) dport $port ACCEPT;
 }
-@def &V4_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip chain INPUT proto $proto dport $port saddr $srange ACCEPT;
+@def &SERVICE_RANGE($proto, $port, $srange) = {
+ proto $proto mod state state (NEW) dport $port saddr ($srange) ACCEPT;
 }
-@def &V6_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip6 chain INPUT proto $proto dport $port saddr $srange ACCEPT;
+@def &TCP_UDP_SERVICE($port) = {
+ proto tcp mod state state (NEW) dport $port ACCEPT;
+ proto udp mod state state (NEW) dport $port ACCEPT;
 }
-@def $HOST_MUNIN = (192.25.206.57 192.25.206.33);
-@def $HOST_NAGIOS = (192.25.206.57 192.25.206.33);
+@def $HOST_MUNIN = (192.25.206.33);
+@def $HOST_NAGIOS = (206.12.19.118);
-@def $sgran = (91.103.132.25 2001:4b10:100b::dead:f00d);
-@def $weasel = ();
-@def $zobel = ();
-@def $luca = ();
+@def $sgran = (91.103.132.24/29);
+@def $weasel = ()
+@def $weasel = ($weasel 86.59.118.144/28); # debian@sil
+@def $weasel = ($weasel 86.59.21.32/29); # anguilla1
+@def $weasel = ($weasel 86.59.30.32/28); # anguilla2
+@def $weasel = ($weasel 141.201.27.0/24); # came
+@def $weasel = ($weasel 62.99.152.178); # argos.campus-sbg
+@def $zobel = ();
+@def $luca = ();
 @def $DSA_IPS = ($sgran $weasel $zobel $luca);
+
+@def $sgran6 = (2001:4b10:100b::/48);
+@def $weasel6 = ();
+@def $weasel6 = ($weasel6 2001:826:408:200::/56); # came
+@def $weasel6 = ($weasel6 2001:858:10f::/48); # anguilla
+@def $zobel6 = ();
+@def $luca6 = ();
+@def $DSA_V6_IPS = ($sgran6 $weasel6 $zobel6 $luca6);
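Review bot: The first new `$weasel` definition, `@def $weasel = ()`, has no terminating `;`, unlike every other `@def` in the file, so ferm will most likely reject the file or read the following `@def` as part of the same statement; it should be `@def $weasel = ();`. Because `$weasel` feeds `$DSA_IPS`, a parse failure here would presumably keep the whole ruleset from loading, so the generated config is worth a pass through `ferm --noexec` before it is deployed. Separately, `&SERVICE`, `&SERVICE_RANGE` and `&TCP_UDP_SERVICE` no longer name a `domain` or `chain INPUT` and now match only `state (NEW)`, so they accept in whatever context calls them and depend on an ESTABLISHED/RELATED rule that is not in this file. A comment above the definitions such as `# call only inside "domain (ip ip6) chain INPUT"; matches NEW only, established traffic must be accepted by the caller` would record that contract.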