add ferm::nfs-server module
authorStephen Gran <steve@lobefin.net>
Sun, 25 Jul 2010 22:33:39 +0000 (23:33 +0100)
committerStephen Gran <steve@lobefin.net>
Sun, 25 Jul 2010 22:33:39 +0000 (23:33 +0100)
Signed-off-by: Stephen Gran <steve@lobefin.net>
modules/ferm/manifests/nfs-server.pp [new file with mode: 0644]
modules/ferm/manifests/per-host.pp

diff --git a/modules/ferm/manifests/nfs-server.pp b/modules/ferm/manifests/nfs-server.pp
new file mode 100644 (file)
index 0000000..8fc4f1a
--- /dev/null
@@ -0,0 +1,27 @@
+class ferm::nfs-server {
+    @ferm::rule { "dsa-portmap":
+            domain          => "(ip ip6)",
+            description     => "Allow portmap access",
+            rule            => "&TCP_UDP_SERVICE(111)"
+    }
+    @ferm::rule { "dsa-nfs":
+            domain          => "(ip ip6)",
+            description     => "Allow nfsd access",
+            rule            => "&TCP_UDP_SERVICE(2049)"
+    }
+    @ferm::rule { "dsa-status":
+            domain          => "(ip ip6)",
+            description     => "Allow statd access",
+            rule            => "&TCP_UDP_SERVICE(10000)"
+    }
+    @ferm::rule { "dsa-mountd":
+            domain          => "(ip ip6)",
+            description     => "Allow mountd access",
+            rule            => "&TCP_UDP_SERVICE(10002)"
+    }
+    @ferm::rule { "dsa-lockd":
+            domain          => "(ip ip6)",
+            description     => "Allow lockd access",
+            rule            => "&TCP_UDP_SERVICE(10003)"
+    }
+}
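Review bot: All five rules, from `dsa-portmap` through `dsa-lockd`, pass only a port number to `&TCP_UDP_SERVICE`, so unless that macro (defined outside this diff) restricts sources itself, portmap, nfsd, statd, mountd and lockd become reachable from any IPv4 and IPv6 address on every host that includes this class. NFS and portmap are normally limited to the known client addresses, so the rules should carry a source restriction for the client hosts, or the class should take the allowed clients as a parameter. Ports 10000, 10002 and 10003 only match if statd, mountd and lockd are pinned to them, which this commit does not show. A header comment would record that dependency, for example `# statd/mountd/lockd must be pinned to 10000/10002/10003 on the server; see <where the daemon options are set>`.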
index d561e52..0d2f563 100644 (file)
@@ -17,6 +17,12 @@ class ferm::per-host {
         }
     }
 
+    case $hostname {
+        ravel: {
+            include ferm::nfs-server
+        }
+    }
+
     case $hostname {
         piatti: {
            @ferm::rule { "dsa-udd-stunnel":
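Review bot: The new `case $hostname` with the `ravel` branch sits directly above an existing `case $hostname` that starts with `piatti`, so the per-host firewall openings are split across two adjacent statements on the same fact. Adding `ravel: { include ferm::nfs-server }` as a branch of the existing statement would keep everything opened for a given host in one place, which makes it easier to audit what is exposed on that machine. The existing case continues past the end of the hunk, so whether it already has a `ravel` branch is not visible here. A short comment on the branch, such as `# ravel exports NFS to <client hosts>`, would also record why the ports are open.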