X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=ec082c385b0eb440b6338caee28317ce6dcc2d85;hb=5f9b6e60800eeff29318662b84404dc0d23283dc;hp=890de74d7df5f33d23e348a9986d27eb30f7e5c4;hpb=3d464d174dd635c924ff4063593e48037d903c49;p=mirror%2Fdsa-puppet.git diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 890de74d7..ec082c385 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -111,10 +111,10 @@ class ferm::per-host { cilea: { file { "/etc/ferm/conf.d/load_sip_conntrack.conf": - source => "puppet:///ferm/conntrack_sip.conf", + source => "puppet:///modules/ferm/conntrack_sip.conf", require => Package["ferm"], notify => Exec["ferm restart"]; - }, + } @ferm::rule { "dsa-sip": domain => "(ip ip6)", description => "Allow sip access", @@ -195,6 +195,30 @@ class ferm::per-host { } } } + + # redirect snapshot into varnish + case $hostname { + sibelius: { + @ferm::rule { "dsa-snapshot-varnish": + rule => '&SERVICE(tcp, 6081)', + } + @ferm::rule { "dsa-nat-snapshot-varnish": + table => 'nat', + chain => 'PREROUTING', + rule => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081', + } + } + stabile: { + @ferm::rule { "dsa-snapshot-varnish": + rule => '&SERVICE(tcp, 6081)', + } + @ferm::rule { "dsa-nat-snapshot-varnish": + table => 'nat', + chain => 'PREROUTING', + rule => 'proto tcp daddr 206.12.19.150 dport 80 REDIRECT to-ports 6081', + } + } + } } # vim:set et: