Try to allow some ports to afs hosts

author Peter Palfrader <peter@palfrader.org>

Sun, 12 Sep 2010 08:41:19 +0000 (10:41 +0200)

committer Peter Palfrader <peter@palfrader.org>

Sun, 12 Sep 2010 08:41:36 +0000 (10:41 +0200)
author Peter Palfrader <peter@palfrader.org>
Sun, 12 Sep 2010 08:41:19 +0000 (10:41 +0200)
committer Peter Palfrader <peter@palfrader.org>
Sun, 12 Sep 2010 08:41:36 +0000 (10:41 +0200)
diff --git a/manifests/site.pp b/manifests/site.pp

index a79e32c..4504a59 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -113,6 +113,9 @@ node default {
      case $hostname {
          byrd,schuetz,draghi,lamb:    { include krb }
      }
+    case $hostname {
+        lamb:    { include afs::server }
+    }
  }
  
  # vim:set et:
diff --git a/modules/afs/manifests/init.pp b/modules/afs/manifests/init.pp

new file mode 100644 (file)

index 0000000..9d3a007
--- /dev/null
+++ b/modules/afs/manifests/init.pp
@@ -0,0 +1,10 @@
+class afs {
+    @ferm::rule { "dsa-afs callback":
+        domain          => "(ip ip6)",
+        description  => "afs callback",
+        rule         => "&SERVICE(udp, afs3-callback)"
+    }
+}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
diff --git a/modules/afs/manifests/server.pp b/modules/afs/manifests/server.pp

new file mode 100644 (file)

index 0000000..9e663d2
--- /dev/null
+++ b/modules/afs/manifests/server.pp
@@ -0,0 +1,35 @@
+class afs::server inherits afs {
+    @ferm::rule { "dsa-afs fileserver":
+        domain       => "(ip ip6)",
+        description  => "afs callback",
+        rule         => "&SERVICE(udp, afs3-fileserver)"
+    }
+    @ferm::rule { "dsa-afs prserver":
+        domain       => "(ip ip6)",
+        description  => "afs callback",
+        rule         => "&SERVICE(udp, afs3-prserver)"
+    }
+    @ferm::rule { "dsa-afs vlserver":
+        domain       => "(ip ip6)",
+        description  => "afs callback",
+        rule         => "&SERVICE(udp, afs3-vlserver)"
+    }
+    @ferm::rule { "dsa-afs kaserver":
+        domain       => "(ip ip6)",
+        description  => "afs callback",
+        rule         => "&SERVICE(udp, afs3-kaserver)"
+    }
+    @ferm::rule { "dsa-afs volser":
+        domain       => "(ip ip6)",
+        description  => "afs callback",
+        rule         => "&SERVICE(udp, afs3-volser)"
+    }
+    #@ferm::rule { "dsa-afs bos":
+    #    domain       => "(ip ip6)",
+    #    description  => "afs callback",
+    #    rule         => "&SERVICE(udp, afs3-bos)"
+    #}
+}
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
author	Peter Palfrader <peter@palfrader.org>
	Sun, 12 Sep 2010 08:41:19 +0000 (10:41 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Sun, 12 Sep 2010 08:41:36 +0000 (10:41 +0200)
manifests/site.pp		patch \| blob \| history
modules/afs/manifests/init.pp	[new file with mode: 0644]	patch \| blob
modules/afs/manifests/server.pp	[new file with mode: 0644]	patch \| blob