From: Martin Zobel-Helas <zobel@debian.org>
Date: Mon, 6 May 2013 20:37:57 +0000 (+0200)
Subject: work around ONTP's broken mail setup
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=b8f656975abbb0fdd4e26be35ad9342203d8ee27;p=mirror%2Fdsa-puppet.git

work around ONTP's broken mail setup
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
---

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 82d68270f..ff4d8d76c 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -48,6 +48,20 @@ class ferm::per-host {
 				rule            => '&SERVICE_RANGE(tcp, 3493, ( 82.195.75.64/26 192.168.43.0/24 ))'
 			}
 		}
+		bendel: {
+			@ferm::rule { 'listmaster-ontp-in':
+				description	=> 'ONTP has a broken mail setup',
+				table		=> 'filter'
+				chain		=> 'INPUT'
+				rule		=> 'source 188.165.23.89/32 proto tcp dport 25 jump DROP',
+			}
+			@ferm::rule { 'listmaster-ontp-in':
+				description	=> 'ONTP has a broken mail setup',
+				table		=> 'filter'
+				chain		=> 'OUTPUT'
+				rule		=> 'destination 78.8.208.246/32 proto tcp dport 25 jump DROP',
+			}
+		}
 		danzi: {
 			@ferm::rule { 'dsa-postgres-danzi':
 				description     => 'Allow postgress access',