Move draghi finger/ldap/ldaps fw into dbmaster role

diff --git a/modules/ferm/manifests/per_host.pp b/modules/ferm/manifests/per_host.pp
index 7668641..970ff2b 100644 (file)
--- a/modules/ferm/manifests/per_host.pp
+++ b/modules/ferm/manifests/per_host.pp
@@ -10,23 +10,6 @@ class ferm::per_host {
         rule        => '&SERVICE_RANGE(tcp, 3493, ( 82.195.75.64/26 192.168.43.0/24 ))'
       }
     }
-    draghi: {
-      ferm::rule { 'dsa-finger':
-        domain      => '(ip ip6)',
-        description => 'Allow finger access',
-        rule        => '&SERVICE(tcp, 79)'
-      }
-      ferm::rule { 'dsa-ldap':
-        domain      => '(ip ip6)',
-        description => 'Allow ldap access',
-        rule        => '&SERVICE(tcp, 389)'
-      }
-      ferm::rule { 'dsa-ldaps':
-        domain      => '(ip ip6)',
-        description => 'Allow ldaps access',
-        rule        => '&SERVICE(tcp, 636)'
-      }
-    }
     default: {}
   }
 

diff --git a/modules/roles/manifests/dbmaster.pp b/modules/roles/manifests/dbmaster.pp
index 1a0fa9e..e78167a 100644 (file)
--- a/modules/roles/manifests/dbmaster.pp
+++ b/modules/roles/manifests/dbmaster.pp
@@ -53,4 +53,11 @@ class roles::dbmaster {
     mail_user  => 'mail_db',
     mail_group => 'nogroup',
   }
+
+  ferm::rule::simple { 'finger':
+    port => 'finger',
+  }
+  ferm::rule::simple { 'ldap':
+    port => ['ldap', 'ldaps'],
+  }
 }