From: Stephen Gran Date: Sun, 20 May 2012 20:05:31 +0000 (+0100) Subject: Merge branch 'rsync-shuffle' X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;ds=sidebyside;h=650335318c9021ace96b0cb6d49a13c1a472271f;hp=-c;p=mirror%2Fdsa-puppet.git Merge branch 'rsync-shuffle' --- 650335318c9021ace96b0cb6d49a13c1a472271f diff --combined modules/debian-org/misc/local.yaml index ee6755ffa,02c0aede9..f6df5968b --- a/modules/debian-org/misc/local.yaml +++ b/modules/debian-org/misc/local.yaml @@@ -35,12 -35,10 +35,12 @@@ nameinfo elgar.debian.org: Edward Elgar (1857 - 1934) englund.debian.org: Sven Einar Englund (June 17th, 1916 - June 27th, 1999) eysler.debian.org: Edmund Samuel Eysler (March 12th, 1874 - October 4th, 1949) + falla.debian.org: Manuel de Falla y Matheu (November 23rd, 1876 - November 14th, 1946) fano.debian.org: Guido Alberto Fano (March 18th, 1875 - August 14th, 1961) fasch.debian.org: Johann Friedrich Fasch (1688 - 1758) field.debian.org: John Field (1782 - 1837) finzi.debian.org: Gerald Raphael Finzi (July 14th, 1901 - September 27th, 1956) + fischer.debian.org: Johann Caspar Ferdinand Fischer (September 9th, 1656 - August 27th, 1746) franck.debian.org: Melchior Franck (1579 - June 1st, 1639) gabrielli.debian.org: Domenico Gabrielli (April 15th, 1651 - July 10th, 1690) glinka.debian.org: Mikhail Ivanovich Glinka (1804 - 1857) @@@ -149,6 -147,8 +149,8 @@@ services bugsmaster: bugsmx: - busoni.debian.org + bugs_search: + - glinka.debian.org dbmaster: - draghi.debian.org ftp_master: @@@ -175,6 -175,10 +177,10 @@@ - reger.debian.org security_master: - chopin.debian.org + www_master: + - wolkenstein.debian.org + keyring: + - kaufmann.debian.org host_settings: heavy_exim: - bellini.debian.org diff --combined modules/ferm/manifests/per-host.pp index d6fbb0a1d,70e0e73f2..2756e59f0 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@@ -3,6 -3,14 +3,14 @@@ class ferm::per-host include ferm::zivit } + if $::hostname in [klecker,merikanto,powell,ravel,rietz,senfl,sibelius,stabile] { + ferm::rule { 'dsa-rsync': + domain => '(ip ip6)', + description => 'Allow rsync access', + rule => '&SERVICE(tcp, 873)' + } + } + case $::hostname { piatti,samosa: { @ferm::rule { 'dsa-udd-stunnel': @@@ -172,9 -180,7 +180,9 @@@ REJECT reject-with icmp-admin-prohibite chain => 'FORWARD', rule => 'def $ADDRESS_FANO=206.12.19.110; def $ADDRESS_FINZI=206.12.19.111; -def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI); +def $ADDRESS_FISCHER=206.12.19.112; +def $ADDRESS_FALLA=206.12.19.117; +def $FREEBSD_HOSTS=($ADDRESS_FANO $ADDRESS_FINZI $ADDRESS_FISCHER $ADDRESS_FALLA); policy ACCEPT; mod state state (ESTABLISHED RELATED) ACCEPT; @@@ -182,7 -188,6 +190,7 @@@ interface br0 outerface br0 ACCEPT interface br1 outerface br1 ACCEPT; interface br2 outerface br0 jump from-kfreebsd; +interface br0 destination ($ADDRESS_FISCHER $ADDRESS_FALLA) proto tcp dport 22 ACCEPT; interface br0 destination ($FREEBSD_HOSTS) jump to-kfreebsd; ULOG ulog-prefix "REJECT FORWARD: "; REJECT reject-with icmp-admin-prohibited @@@ -217,7 -222,4 +225,4 @@@ default: {} } - if $::rsyncd { - include ferm::rsync - } }