projects
/
mirror
/
dsa-puppet.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
c468a14
)
update ferm rules for postgresql@danzi
author
Julien Cristau
<jcristau@debian.org>
Fri, 29 Sep 2017 18:00:30 +0000
(20:00 +0200)
committer
Julien Cristau
<jcristau@debian.org>
Fri, 29 Sep 2017 18:00:30 +0000
(20:00 +0200)
modules/ferm/manifests/per_host.pp
patch
|
blob
|
history
diff --git
a/modules/ferm/manifests/per_host.pp
b/modules/ferm/manifests/per_host.pp
index
df3ce30
..
1bd5628
100644
(file)
--- a/
modules/ferm/manifests/per_host.pp
+++ b/
modules/ferm/manifests/per_host.pp
@@
-258,7
+258,7
@@
class ferm::per_host {
}
danzi: {
@ferm::rule { 'dsa-postgres-danzi':
}
danzi: {
@ferm::rule { 'dsa-postgres-danzi':
- # ubc, wuit
+ # ubc, wui
e
t
description => 'Allow postgress access',
rule => '&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 209.87.16.0/24 5.153.231.18/32 ))'
}
description => 'Allow postgress access',
rule => '&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 209.87.16.0/24 5.153.231.18/32 ))'
}
@@
-270,15
+270,11
@@
class ferm::per_host {
@ferm::rule { 'dsa-postgres2-danzi':
description => 'Allow postgress access2',
@ferm::rule { 'dsa-postgres2-danzi':
description => 'Allow postgress access2',
- rule => '&SERVICE_RANGE(tcp, 5437, ( 206.12.19.0/24 209.87.16.0/24 ))'
- }
- @ferm::rule { 'dsa-postgres3-danzi':
- description => 'Allow postgress access3',
- rule => '&SERVICE_RANGE(tcp, 5436, ( 206.12.19.0/24 209.87.16.0/24 ))'
+ rule => '&SERVICE_RANGE(tcp, 5434, ( 209.87.16.0/24 ))'
}
}
- @ferm::rule { 'dsa-postgres
4-danzi
':
- description => 'Allow postgress access
4
',
- rule => '&SERVICE_RANGE(tcp, 543
8, ( 206.12.19.0/24 209.87.16.0/2
4 ))'
+ @ferm::rule { 'dsa-postgres
2-danzi6
':
+ description => 'Allow postgress access
2
',
+ rule => '&SERVICE_RANGE(tcp, 543
4, ( 2607:f8f0:614:1::/6
4 ))'
}
@ferm::rule { 'dsa-postgres-backup':
}
@ferm::rule { 'dsa-postgres-backup':
@@
-290,6
+286,15
@@
class ferm::per_host {
description => 'Allow postgress access',
rule => '&SERVICE_RANGE(tcp, 5433, ( $HOST_PGBACKUPHOST_V6 ))'
}
description => 'Allow postgress access',
rule => '&SERVICE_RANGE(tcp, 5433, ( $HOST_PGBACKUPHOST_V6 ))'
}
+ @ferm::rule { 'dsa-postgres2-backup':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5434, ( $HOST_PGBACKUPHOST_V4 ))'
+ }
+ @ferm::rule { 'dsa-postgres2-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5434, ( $HOST_PGBACKUPHOST_V6 ))'
+ }
}
seger: {
@ferm::rule { 'dsa-postgres-backup':
}
seger: {
@ferm::rule { 'dsa-postgres-backup':