From: Peter Palfrader
Date: Fri, 11 Jul 2014 19:22:16 +0000 (+0200)
Subject: firewall: restrict tftp on abel and jenkins to local networks
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=f1c81d7c9e67b4b11e1971c34cb94173e609e463;p=mirror%2Fdsa-puppet.git
firewall: restrict tftp on abel and jenkins to local networks
---
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 637159916..2260c9ca5 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -455,10 +455,16 @@ REJECT reject-with icmp-admin-prohibited
 }
 # tftp
 case $::hostname {
- abel,jenkins: {
+ abel: {
 @ferm::rule { 'dsa-tftp':
 description => 'Allow tftp access',
- rule => '&SERVICE(udp, 69)'
+ rule => '&SERVICE_RANGE(udp, 69, ( 172.28.17.0/24 ))'
+ }
+ }
+ jenkins: {
+ @ferm::rule { 'dsa-tftp':
+ description => 'Allow tftp access',
+ rule => '&SERVICE_RANGE(udp, 69, ( 192.168.2.0/24 206.12.19.0/24 ))'
 }
 }
 master: {
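Review bot: The jenkins branch admits `206.12.19.0/24` next to `192.168.2.0/24`, and unlike the other two ranges it is not RFC 1918 space, so the rule should say why that /24 counts as local, e.g. a comment `# 206.12.19.0/24: <name of the hosting network>` above the `rule =>` line. TFTP has no authentication of its own, so these source ranges are the only access control on udp/69 and need to be auditable at a glance. Both branches also keep `description => 'Allow tftp access'`, which no longer matches the rule; `description => 'Allow tftp access from local networks'` would. The definition of `&SERVICE_RANGE` is not visible here, so it is worth confirming that an IPv4-only range list does not leave udp/69 reachable over IPv6 on these hosts. The `case $::hostname` block continues past the end of the hunk.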