X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=743dbd162f45e6ab0ecdacd70a12781e453ce058;hb=bfe2a08ed19753f5fa987e51253b663afb4153c4;hp=aa20cbd63e37bd2c1526f001300d65c7f87c59c8;hpb=7fbd1fb63f9a8e87683b183e8b39bce18af59a4a;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index aa20cbd63..743dbd162 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -6,7 +6,7 @@ class ferm::per-host {
     }
 
     case $hostname {
-        chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,santoro,steffani,valente,villa,wieck,stabile: {
+        chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,santoro,steffani,valente,villa,wieck,stabile,bizet: {
             include ferm::ftp
         }
     }
@@ -19,9 +19,19 @@ class ferm::per-host {
             }
         }
         danzi: {
-                @ferm::rule { "dsa-postgres-danzi":
-                    description     => "Allow postgress access",
-                    rule            => "&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 ))"
+                @ferm::rule {
+                    "dsa-postgres-danzi":
+                        description     => "Allow postgress access",
+                        rule            => "&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 ))"
+                        ;
+                    "dsa-postgres2-danzi":
+                        description     => "Allow postgress access2",
+                        rule            => "&SERVICE_RANGE(tcp, 5437, ( 206.12.19.0/24 ))"
+                        ;
+                    "dsa-postgres3-danzi":
+                        description     => "Allow postgress access2",
+                        rule            => "&SERVICE_RANGE(tcp, 5436, ( 206.12.19.0/24 ))"
+                        ;
                 }
 
         }
@@ -81,7 +91,14 @@ class ferm::per-host {
                 rule            => "&SERVICE(tcp, 11371)"
             }
         }
-        liszt: {
+        gombert: {
+            @ferm::rule { "dsa-infinoted":
+                domain          => "(ip ip6)",
+                description     => "Allow infinoted access",
+                rule            => "&SERVICE(tcp, 6523)"
+            }
+        }
+        bendel,liszt: {
             @ferm::rule { "smtp":
                 domain          => "(ip ip6)",
                 description     => "Allow smtp access",
@@ -128,6 +145,13 @@ class ferm::per-host {
                 rule            => "&TCP_UDP_SERVICE(5080)"
             }
         }
+	scelsi: {
+            @ferm::rule { "dc11-icecast":
+                domain          => "(ip ip6)",
+                description     => "Allow icecast access",
+                rule            => "&SERVICE(tcp, 8000)"
+            }
+	}
     }
 
     case $hostname { rautavaara,luchesi: {
@@ -150,6 +174,7 @@ class ferm::per-host {
                                 proto udp dport (53 123) ACCEPT;
                                 proto tcp dport 8140 daddr 82.195.75.104 ACCEPT; # puppethost
                                 proto tcp dport 5140 daddr (82.195.75.98 206.12.19.121) ACCEPT; # loghost
+                                proto tcp dport 11371 daddr 82.195.75.107 ACCEPT; # keyring host
                                 proto tcp dport (25 submission) daddr ($HOST_MAILRELAY_V4) ACCEPT
                                '
         }