X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=b9ad487de7d0517edf43ea150f5bb7eaffec5e83;hb=a001db15a8463b3aac135b05343aca2ac7dc2aa9;hp=ba0f52bf1d94d810b35d3d51452be3c887e597cb;hpb=25cf6eafe99252aeea11f864e9dd6832b43de51f;p=mirror%2Fdsa-puppet.git

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index ba0f52bf1..b9ad487de 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -473,10 +473,6 @@ class ferm::per-host {
 				description     => 'Allow postgress access',
 				rule            => '&SERVICE_RANGE(tcp, 5432, ( $HOST_PGBACKUPHOST_V6 ))'
 			}
-			@ferm::rule { 'dc16-postgres':
-				description	=> 'Allow postgres access',
-				rule		=> '&SERVICE_RANGE(tcp, 5332, ( 137.158.82.4/31 ))'
-			}
 		}
 		default: {}
 	}
@@ -507,6 +503,12 @@ REJECT reject-with icmp-admin-prohibited
 				rule            => 'outerface !tun+ mod mark mark 1 MASQUERADE',
 			}
 		}
+		ubc-enc2bl1,ubc-enc2bl2,ubc-enc2bl9,ubc-enc2bl10: {
+			@ferm::rule { 'dsa-luca-fixme':
+				description     => 'Allow ssh access from mnt and vpn networks',
+				rule            => '&SERVICE_RANGE(tcp, 22, ( 172.29.40.0/22 172.29.203.0/24 ))',
+			}
+		}
 		default: {}
 	}
 	# tftp