a few more rules
authorStephen Gran <steve@lobefin.net>
Sat, 20 Feb 2010 21:45:36 +0000 (21:45 +0000)
committerStephen Gran <steve@lobefin.net>
Sat, 20 Feb 2010 21:45:36 +0000 (21:45 +0000)
Signed-off-by: Stephen Gran <steve@lobefin.net>
modules/apache2/manifests/init.pp
modules/exim/manifests/init.pp
modules/named/manifests/init.pp
modules/ntp/manifests/init.pp

index fc2de44..9975b54 100644 (file)
@@ -129,4 +129,8 @@ class apache2 {
                command => "/etc/init.d/apache2 force-reload",
                refreshonly => true,
        }
+        ferm::rule { "dsa-apache":
+                description     => "Allow web access",
+                rule            => "proto tcp mod state state (NEW) dport (80) ACCEPT"
+        }
 }
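Review bot: The new `dsa-apache` rule opens only `dport (80)`, so if any vhost managed by this class listens on HTTPS (not visible in this hunk), port 443 stays closed wherever ferm's default input policy drops unmatched traffic. If HTTPS is served from these hosts, the rule could read `rule => "proto tcp mod state state (NEW) dport (80 443) ACCEPT"`. If the omission is deliberate, a short comment above the resource, such as `# inbound HTTP only; HTTPS is not served by this class`, would record that. The body of `class apache2` starts outside the hunk, so this is inferred from the added lines alone.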
index 43dd108..f488918 100644 (file)
@@ -156,4 +156,8 @@ class exim {
         path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
         refreshonly => true,
     }
+    ferm::rule { "dsa-exim":
+            description     => "Allow smtp access",
+            rule            => "proto tcp mod state state (NEW) dport (25) ACCEPT"
+    }
 }
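Review bot: The `dsa-exim` rule accepts new SMTP connections from any source on every node that includes `class exim`, because it is declared unconditionally in the class body and carries no `saddr` restriction. If this class is also applied to hosts that only submit mail locally (node assignments are not visible here), each of them now exposes port 25, so the rule belongs in whatever class or conditional marks a host as an inbound mail relay. The same applies to `dsa-ntp` in modules/ntp/manifests/init.pp, where hosts acting only as NTP clients need no inbound `dport (123)` rule. It may also apply to `dsa-bind` in modules/named/manifests/init.pp if any of those servers answer recursive queries, in which case a `saddr (...)` limit to the served networks would reduce exposure to reflection abuse. The body of `class exim` starts outside the hunk.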
index 5d2e250..73c7cdc 100644 (file)
@@ -25,6 +25,10 @@ class named {
                         mode    => 775,
                         ;
         }
+        ferm::rule { "dsa-bind":
+                description     => "Allow nameserver access",
+                rule            => "proto (udp tcp) mod state state (NEW) dport (53) ACCEPT"
+        }
 }
 
 # vim: set fdm=marker ts=8 sw=8 et:
index f461735..00b3340 100644 (file)
@@ -25,4 +25,8 @@ class ntp {
                path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
                refreshonly => true,
        }
+        ferm::rule { "dsa-ntp":
+                description     => "Allow ntp access",
+                rule            => "proto udp mod state state (NEW) dport (123) ACCEPT"
+        }
 }