From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 6 Jul 2013 17:46:53 +0000 (+0200)
Subject: Allow pg access to bmdb1 from coccia
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=f58f0835bc278ec75b75df50f21c2198fc6cc17d;p=mirror%2Fdsa-puppet.git

Allow pg access to bmdb1 from coccia
---

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 1ca64a5e3..998fcbdd1 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -255,6 +255,17 @@ REJECT reject-with icmp-admin-prohibited
 				rule            => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))'
 			}
 		}
+		bmdb1: {
+			@ferm::rule { 'dsa-postgres-dak':
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5434, ( 5.153.231.11/32 ))'
+			}
+			@ferm::rule { 'dsa-postgres-dak':
+				domain          => 'ip6',
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5434, ( 2001:41c8:1000:21::21:11/128 ))'
+			}
+		}
 		danzi: {
 			@ferm::rule { 'dsa-postgres-danzi':
 				description     => 'Allow postgress access',