From: Stephen Gran <steve@lobefin.net>
Date: Sun, 25 Jul 2010 22:33:39 +0000 (+0100)
Subject: add ferm::nfs-server module
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=084b46670a54c326944b9051e401bc3c4b14da7d;p=mirror%2Fdsa-puppet.git

add ferm::nfs-server module

Signed-off-by: Stephen Gran <steve@lobefin.net>
---

diff --git a/modules/ferm/manifests/nfs-server.pp b/modules/ferm/manifests/nfs-server.pp
new file mode 100644
index 000000000..8fc4f1a33
--- /dev/null
+++ b/modules/ferm/manifests/nfs-server.pp
@@ -0,0 +1,27 @@
+class ferm::nfs-server {
+    @ferm::rule { "dsa-portmap":
+            domain          => "(ip ip6)",
+            description     => "Allow portmap access",
+            rule            => "&TCP_UDP_SERVICE(111)"
+    }
+    @ferm::rule { "dsa-nfs":
+            domain          => "(ip ip6)",
+            description     => "Allow nfsd access",
+            rule            => "&TCP_UDP_SERVICE(2049)"
+    }
+    @ferm::rule { "dsa-status":
+            domain          => "(ip ip6)",
+            description     => "Allow statd access",
+            rule            => "&TCP_UDP_SERVICE(10000)"
+    }
+    @ferm::rule { "dsa-mountd":
+            domain          => "(ip ip6)",
+            description     => "Allow mountd access",
+            rule            => "&TCP_UDP_SERVICE(10002)"
+    }
+    @ferm::rule { "dsa-lockd":
+            domain          => "(ip ip6)",
+            description     => "Allow lockd access",
+            rule            => "&TCP_UDP_SERVICE(10003)"
+    }
+}
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index d561e52d1..0d2f56345 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -17,6 +17,12 @@ class ferm::per-host {
         }
     }
 
+    case $hostname {
+        ravel: {
+            include ferm::nfs-server
+        }
+    }
+
     case $hostname {
         piatti: {
            @ferm::rule { "dsa-udd-stunnel":