}
}
- case $hostname {
- byrd,schuetz: {
- @ferm::rule { "dsa-krb-kdc":
- domain => "(ip ip6)",
- description => "kerberos KDC",
- rule => "&TCP_UDP_SERVICE(kerberos)"
- }
- }
- }
- case $hostname {
- byrd: {
- @ferm::rule { "dsa-krb-ipropd":
- domain => "ip",
- description => "kerberos ipropd",
- rule => "&SERVICE_RANGE(tcp, iprop, 206.12.19.119)",
- }
- @ferm::rule { "dsa-krb-ipropd-v6":
- domain => 'ip6',
- description => "kerberos ipropd (IPv6)",
- rule => "&SERVICE_RANGE(tcp, iprop, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
- }
- @ferm::rule { "dsa-krb-kpasswdd":
- domain => "(ip ip6)",
- description => "kerberos KDC",
- rule => "&SERVICE(udp, kpasswd)",
- }
- @ferm::rule { "dsa-krb-kadmind":
- domain => "ip",
- description => "kerberos kadmind access from draghi",
- rule => "&SERVICE_RANGE(tcp, kerberos-adm, 82.195.75.106)",
- }
- @ferm::rule { "dsa-krb-kadmind-v6":
- domain => "ip6",
- description => "kerberos kadmind access from draghi",
- rule => "&SERVICE_RANGE(tcp, kerberos-adm, 2001:41b8:202:deb:216:36ff:fe40:3906)",
- }
- }
- }
-
case $hostname { rautavaara,luchesi: {
@ferm::rule { "dsa-to-kfreebsd":
description => "Traffic routed to kfreebsd hosts",
content => template("krb/krb5.conf.erb"),
;
}
+
+ case $hostname {
+ byrd,schuetz: {
+ @ferm::rule { "dsa-krb-kdc":
+ domain => "(ip ip6)",
+ description => "kerberos KDC",
+ rule => "&TCP_UDP_SERVICE(kerberos)"
+ }
+ }
+ }
+
+ case $hostname {
+ byrd: {
+ @ferm::rule { "dsa-krb-ipropd":
+ domain => "ip",
+ description => "kerberos ipropd",
+ rule => "&SERVICE_RANGE(tcp, iprop, 206.12.19.119)",
+ }
+ @ferm::rule { "dsa-krb-ipropd-v6":
+ domain => 'ip6',
+ description => "kerberos ipropd (IPv6)",
+ rule => "&SERVICE_RANGE(tcp, iprop, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
+ }
+ @ferm::rule { "dsa-krb-kpasswdd":
+ domain => "(ip ip6)",
+ description => "kerberos KDC",
+ rule => "&SERVICE(udp, kpasswd)",
+ }
+ @ferm::rule { "dsa-krb-kadmind":
+ domain => "ip",
+ description => "kerberos kadmind access from draghi",
+ rule => "&SERVICE_RANGE(tcp, kerberos-adm, 82.195.75.106)",
+ }
+ @ferm::rule { "dsa-krb-kadmind-v6":
+ domain => "ip6",
+ description => "kerberos kadmind access from draghi",
+ rule => "&SERVICE_RANGE(tcp, kerberos-adm, 2001:41b8:202:deb:216:36ff:fe40:3906)",
+ }
+ }
+ }
+
}
# vim:set et:
# vim:set sts=4 ts=4:
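Review bot: The `dsa-krb-kpasswdd` rule added here still carries the description `"kerberos KDC"`, copied from `dsa-krb-kdc`, so anyone auditing the generated firewall rules sees two differently scoped openings under the same label; I would change it to `description => "kerberos kpasswdd",`. That rule also uses `&SERVICE(udp, kpasswd)` with no source address, whereas the kadmind and ipropd rules are pinned to single hosts through `&SERVICE_RANGE`. If the unrestricted, UDP-only exposure is intentional, a one-line comment such as `# kpasswd must be reachable by all clients; UDP only` would record that decision. The ipropd rules pin literal addresses without saying which host they belong to, unlike the kadmind descriptions, which name draghi, so naming the peer in the description would make a stale address easier to spot. The enclosing class begins above this hunk, so whether these virtual `@ferm::rule` resources are realized cannot be confirmed from here.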