X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=39514bb7c926d3be435c8cc6629ee835ac46d9ad;hb=aaa71e6c925d3f1dbed34adbb8e4cf9a41af4aab;hp=3ab0d631ad6097933996415f1c4a3bdbac29758b;hpb=7b062baee2e55c34f6c71a8f10919492de0bb2c5;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 3ab0d631a..39514bb7c 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -19,6 +19,10 @@ class ferm::per-host {
 			}
 		}
 		oyens: {
+			@ferm::rule { 'dsa-spice':
+				description     => 'Allow spice-console access',
+				rule            => '&SERVICE(tcp, 6082)'
+			}
 			@ferm::rule { 'dsa-memcache':
 				description     => 'Allow memcache access',
 				rule            => '&SERVICE_RANGE(tcp, 11211, ( 5.153.231.240/27 172.29.123.0/24 ))'
@@ -407,13 +411,23 @@ class ferm::per-host {
 			}
 			@ferm::rule { 'dsa-postgres-replication':
 				description     => 'Allow postgress access',
-				rule            => '&SERVICE_RANGE(tcp, 5433, ( 185.17.185.187/32 2001:1af8:4020:b030:deb::187/128 ))'
+				rule            => '&SERVICE_RANGE(tcp, 5433, ( 185.17.185.187/32 ))'
+			}
+			@ferm::rule { 'dsa-postgres-replication6':
+				domain          => 'ip6',
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5433, ( 2001:1af8:4020:b030:deb::187/128 ))'
 			}
 		}
 		lw07: {
 			@ferm::rule { 'dsa-postgres-snapshot':
 				description     => 'Allow postgress access',
-				rule            => '&SERVICE_RANGE(tcp, 5439, ( 185.17.185.176/28 2001:1af8:4020:b030::/64 ))'
+				rule            => '&SERVICE_RANGE(tcp, 5439, ( 185.17.185.176/28 ))'
+			}
+			@ferm::rule { 'dsa-postgres-snapshot6':
+				domain          => 'ip6',
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5439, ( 2001:1af8:4020:b030::/64 ))'
 			}
 		}
 		default: {}