From 3d464d174dd635c924ff4063593e48037d903c49 Mon Sep 17 00:00:00 2001
From: Martin Zobel-Helas
Date: Thu, 12 Aug 2010 22:02:01 +0200
Subject: [PATCH] add cilea
---
 manifests/site.pp | 2 +-
 modules/ferm/files/conntrack_sip.conf | 2 ++
 modules/ferm/manifests/per-host.pp | 18 ++++++++++++++++++
 3 files changed, 21 insertions(+), 1 deletion(-)
 create mode 100644 modules/ferm/files/conntrack_sip.conf
diff --git a/manifests/site.pp b/manifests/site.pp
index fa9bcd14e..c43378fda 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -87,7 +87,7 @@ node default {
 }
 case $hostname {
- cilea,paganini: {}
+ paganini: {}
 default: {
 case $kernel {
 Linux: {
diff --git a/modules/ferm/files/conntrack_sip.conf b/modules/ferm/files/conntrack_sip.conf
new file mode 100644
index 000000000..f93ce2ce7
--- /dev/null
+++ b/modules/ferm/files/conntrack_sip.conf
@@ -0,0 +1,2 @@
+hook pre 'modprobe nf_conntrack_sip || true';
+hook pre 'modprobe nf_conntrack_h323 || true';
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index d515e37cf..890de74d7 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -108,6 +108,24 @@ class ferm::per-host {
 rule => "&SERVICE(tcp, 636)"
 }
 }
+ cilea: {
+ file {
+ "/etc/ferm/conf.d/load_sip_conntrack.conf":
+ source => "puppet:///ferm/conntrack_sip.conf",
+ require => Package["ferm"],
+ notify => Exec["ferm restart"];
+ },
+ @ferm::rule { "dsa-sip":
+ domain => "(ip ip6)",
+ description => "Allow sip access",
+ rule => "&TCP_UDP_SERVICE(5060)"
+ }
+ @ferm::rule { "dsa-sipx":
+ domain => "(ip ip6)",
+ description => "Allow sipx access",
+ rule => "&TCP_UDP_SERVICE(5080)"
+ }
+ }
 }
 }
-- 2.20.1
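Review bot: Loading `nf_conntrack_sip` and `nf_conntrack_h323` in the new `conntrack_sip.conf` makes the kernel parse signalling payloads and create expectations for the media ports that peers announce, and the file carries no comment saying this is intended. Whether those expected flows are accepted depends on how the base ruleset treats RELATED traffic, which is not visible in this patch, so it is worth confirming that the helper-opened ports are limited to what the host needs. The `|| true` on both hooks also hides a failed module load, so ferm would start without the helpers and nothing would report it. I would add a header comment such as `# conntrack helpers for SIP and H.323; media flows they expect match as RELATED`, which also documents that the file loads H.323 although its name mentions only SIP.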
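Review bot: The two new rules in the `cilea` case, `&TCP_UDP_SERVICE(5060)` and `&TCP_UDP_SERVICE(5080)`, open the SIP signalling ports over TCP and UDP on both `ip` and `ip6`, and as far as the hunk shows without any source restriction. SIP listeners reachable from anywhere are routinely scanned and subjected to credential guessing, so if the set of peers is known the rules should be limited to those ranges. Otherwise the description should record that the exposure is deliberate, e.g. `description => "Allow sip access (world-reachable on purpose)"`. Separately, the `file` block closes with `},` while the two `@ferm::rule` blocks below it close with a bare `}`; the trailing comma looks like a typo and should be checked against the Puppet parser. The enclosing `case` statement starts outside the hunk.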