- ferm::rule { 'dsa-bacula-sd':
- domain => '(ip ip6)',
- description => 'Allow bacula-sd access from director and clients (i.e. all of Debian)',
- rule => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN) ACCEPT; }',
- notarule => true,
- }
- # allow access from director
- Ferm::Rule::Simple <<| tag == "bacula::director-to-storage::${bacula::bacula_director_address}" |>> {
- port => $bacula::bacula_storage_port,
+ # allow access from director and fds
+ ferm::rule::simple { 'dsa-bacula-sd':
+ description => 'Access to the bacula-storage',
+ port => $bacula::bacula_storage_port,
+ target => 'bacula-sd',