add ferm::nfs-server module

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/ferm/manifests/nfs-server.pp b/modules/ferm/manifests/nfs-server.pp
new file mode 100644 (file)
index 0000000..8fc4f1a
--- /dev/null
+++ b/modules/ferm/manifests/nfs-server.pp
@@ -0,0 +1,27 @@
+class ferm::nfs-server {
+    @ferm::rule { "dsa-portmap":
+            domain          => "(ip ip6)",
+            description     => "Allow portmap access",
+            rule            => "&TCP_UDP_SERVICE(111)"
+    }
+    @ferm::rule { "dsa-nfs":
+            domain          => "(ip ip6)",
+            description     => "Allow nfsd access",
+            rule            => "&TCP_UDP_SERVICE(2049)"
+    }
+    @ferm::rule { "dsa-status":
+            domain          => "(ip ip6)",
+            description     => "Allow statd access",
+            rule            => "&TCP_UDP_SERVICE(10000)"
+    }
+    @ferm::rule { "dsa-mountd":
+            domain          => "(ip ip6)",
+            description     => "Allow mountd access",
+            rule            => "&TCP_UDP_SERVICE(10002)"
+    }
+    @ferm::rule { "dsa-lockd":
+            domain          => "(ip ip6)",
+            description     => "Allow lockd access",
+            rule            => "&TCP_UDP_SERVICE(10003)"
+    }
+}

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index d561e52..0d2f563 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -17,6 +17,12 @@ class ferm::per-host {
         }
     }
 
+    case $hostname {
+        ravel: {
+            include ferm::nfs-server
+        }
+    }
+
     case $hostname {
         piatti: {
            @ferm::rule { "dsa-udd-stunnel":