X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=5f175260aeb625685ab31e35afa8e9067af812d6;hb=a212c6563eca103b65f5d999a70ed05d5f2231cc;hp=53faf51a34fc3690c61d95f70a088340d10ed42c;hpb=db2e7be2c23b86863f42611e5492d99fc4fa6cdf;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 53faf51a3..5f175260a 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -3,10 +3,6 @@ class ferm::per-host {
 		include ferm::zivit
 	}
 
-	if $::hostname in [chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,santoro,steffani,valente,villa,wieck,stabile,bizet] {
-		include ferm::ftp
-	}
-
 	case $::hostname {
 		piatti,samosa: {
 			@ferm::rule { 'dsa-udd-stunnel':
@@ -91,13 +87,6 @@ class ferm::per-host {
 				rule            => '&SERVICE(tcp, 6523)'
 			}
 		}
-		bendel,liszt: {
-			@ferm::rule { 'smtp':
-				domain          => '(ip ip6)',
-				description     => 'Allow smtp access',
-				rule            => '&SERVICE(tcp, 25)'
-			}
-		}
 		draghi: {
 			#@ferm::rule { 'dsa-bind':
 			#    domain          => '(ip ip6)',
@@ -121,12 +110,9 @@ class ferm::per-host {
 			}
 		}
 		cilea: {
-			file {
-				'/etc/ferm/conf.d/load_sip_conntrack.conf':
-					source => 'puppet:///modules/ferm/conntrack_sip.conf',
-					require => Package['ferm'],
-					notify  => Service['ferm'],
-			}
+			ferm::module { 'nf_conntrack_sip': }
+			ferm::module { 'nf_conntrack_h323': }
+
 			@ferm::rule { 'dsa-sip':
 				domain          => '(ip ip6)',
 				description     => 'Allow sip access',
@@ -202,6 +188,7 @@ def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI);
 policy ACCEPT;
 mod state state (ESTABLISHED RELATED) ACCEPT;
 interface br0 outerface br0 ACCEPT;
+interface br1 outerface br1 ACCEPT;
 
 interface br2 outerface br0 jump from-kfreebsd;
 interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd;