X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=5f175260aeb625685ab31e35afa8e9067af812d6;hb=5a8df552f7733b7498c23be8e5a4f72cd9c4902b;hp=83e289470804dd7d9bc0b1eef7b50e39d42fd58f;hpb=3eb533e5499e66423bafdedaf6c7d08ead1772de;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 83e289470..5f175260a 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -3,10 +3,6 @@ class ferm::per-host {
 		include ferm::zivit
 	}
 
-	if $::hostname in [chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,santoro,steffani,valente,villa,wieck,stabile,bizet] {
-		include ferm::ftp
-	}
-
 	case $::hostname {
 		piatti,samosa: {
 			@ferm::rule { 'dsa-udd-stunnel':
@@ -47,12 +43,12 @@ class ferm::per-host {
 		handel: {
 			@ferm::rule { 'dsa-puppet':
 				description     => 'Allow puppet access',
-				rule            => '&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V4)'
+				rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
 			}
 			@ferm::rule { 'dsa-puppet-v6':
 				domain          => 'ip6',
 				description     => 'Allow puppet access',
-				rule            => '&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V6)'
+				rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
 			}
 		}
 		powell: {
@@ -69,12 +65,12 @@ class ferm::per-host {
 		heininen,lotti: {
 			@ferm::rule { 'dsa-syslog':
 				description     => 'Allow syslog access',
-				rule            => '&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V4)'
+				rule            => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V4)'
 			}
 			@ferm::rule { 'dsa-syslog-v6':
 				domain          => 'ip6',
 				description     => 'Allow syslog access',
-				rule            => '&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V6)'
+				rule            => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V6)'
 			}
 		}
 		kaufmann: {
@@ -91,13 +87,6 @@ class ferm::per-host {
 				rule            => '&SERVICE(tcp, 6523)'
 			}
 		}
-		bendel,liszt: {
-			@ferm::rule { 'smtp':
-				domain          => '(ip ip6)',
-				description     => 'Allow smtp access',
-				rule            => '&SERVICE(tcp, 25)'
-			}
-		}
 		draghi: {
 			#@ferm::rule { 'dsa-bind':
 			#    domain          => '(ip ip6)',
@@ -121,12 +110,9 @@ class ferm::per-host {
 			}
 		}
 		cilea: {
-			file {
-				'/etc/ferm/conf.d/load_sip_conntrack.conf':
-					source => 'puppet:///modules/ferm/conntrack_sip.conf',
-					require => Package['ferm'],
-					notify  => Exec['ferm restart'];
-			}
+			ferm::module { 'nf_conntrack_sip': }
+			ferm::module { 'nf_conntrack_h323': }
+
 			@ferm::rule { 'dsa-sip':
 				domain          => '(ip ip6)',
 				description     => 'Allow sip access',
@@ -202,6 +188,7 @@ def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI);
 policy ACCEPT;
 mod state state (ESTABLISHED RELATED) ACCEPT;
 interface br0 outerface br0 ACCEPT;
+interface br1 outerface br1 ACCEPT;
 
 interface br2 outerface br0 jump from-kfreebsd;
 interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;
@@ -238,7 +225,7 @@ REJECT reject-with icmp-admin-prohibited
 		default: {}
 	}
 
-	if $::rsyncd == true {
+	if $::rsyncd {
 		include ferm::rsync
 	}
 }