X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper_host.pp;h=8892b6c143463cd9c677e1d632653000e2e64bd0;hb=c1f216790d3a69239fb0b84cbb9cd50743ed5f0c;hp=952f52ab2cbe39a40196b903a09a2670e55446a6;hpb=3628350798e85b25012ebd69eebdaf93b7d43556;p=mirror%2Fdsa-puppet.git diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp index 952f52ab2..8892b6c14 100644 --- a/modules/ferm/manifests/per_host.pp +++ b/modules/ferm/manifests/per_host.pp @@ -8,6 +8,12 @@ class ferm::per_host { } case $::hostname { + vittoria: { + @ferm::rule { 'debconf17': + description => 'temporarily allow DC17 access', + rule => '&SERVICE_RANGE(tcp, 5432, ( 206.167.44.99/32 206.167.36.195/32 ))' + } + } czerny,clementi: { @ferm::rule { 'dsa-upsmon': description => 'Allow upsmon access', @@ -38,6 +44,10 @@ class ferm::per_host { description => 'Allow syslog access', rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V6)' } + @ferm::rule { 'fastly-syslog': + description => 'Allow syslog access', + rule => '&SERVICE_RANGE(tcp, 5141, $HOST_FASTLY)' + } } kaufmann: { @ferm::rule { 'dsa-hkp': @@ -146,22 +156,6 @@ class ferm::per_host { default: {} } - # elasticsearch stuff - case $::hostname { - stockhausen: { - @ferm::rule { 'dsa-elasticsearch-bendel': - domain => '(ip)', - description => 'Allow elasticsearch access from bendel', - rule => '&SERVICE_RANGE(tcp, 9200:9300, ( 82.195.75.100/32 ))' - } - @ferm::rule { 'dsa-elasticsearch-bendel6': - domain => '(ip6)', - description => 'Allow elasticsearch access from bendel', - rule => '&SERVICE_RANGE(tcp, 9200:9300, ( 2001:41b8:202:deb:216:36ff:fe40:4002/128 ))' - } - } - } - # postgres stuff case $::hostname { ullmann: { @@ -345,7 +339,7 @@ class ferm::per_host { rule => '&SERVICE_RANGE(tcp, 5439, ( 2001:1af8:4020:b030::/64 ))' } } - melartin,vittoria: { + vittoria: { @ferm::rule { 'dsa-postgres-backup': description => 'Allow postgress access', rule => '&SERVICE_RANGE(tcp, 5432, ( $HOST_PGBACKUPHOST_V4 ))'