From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 13 Sep 2019 10:34:55 +0000 (+0200)
Subject: disallow puppet access from clients for now
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=c7afa6d04e06776ac94206451153d6c0c0572495;p=mirror%2Fdsa-puppet.git

disallow puppet access from clients for now
---

diff --git a/modules/puppetmaster/manifests/init.pp b/modules/puppetmaster/manifests/init.pp
index 7cb923c28..28120f4bf 100644
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -10,15 +10,15 @@ class puppetmaster {
 		source => 'puppet:///modules/puppetmaster/puppetdb.conf'
 	}
 
-	ferm::rule { 'dsa-puppet':
-		description     => 'Allow puppet access',
-		rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
-	}
-	ferm::rule { 'dsa-puppet-v6':
-		domain          => 'ip6',
-		description     => 'Allow puppet access',
-		rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
-	}
+	#ferm::rule { 'dsa-puppet':
+	#	description     => 'Allow puppet access',
+	#	rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
+	#}
+	#ferm::rule { 'dsa-puppet-v6':
+	#	domain          => 'ip6',
+	#	description     => 'Allow puppet access',
+	#	rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
+	#}
 
 	file { '/srv/puppet.debian.org/puppet-facts':
 		ensure => directory