From aa6d8525f305e27faaf7abd83731745a101dfdb9 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Sat, 11 Sep 2010 20:40:55 +0200
Subject: [PATCH] move krb firewalling to modules/krb
---
 modules/ferm/manifests/per-host.pp | 39 ----------------------------
 modules/krb/manifests/init.pp | 41 ++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 39 deletions(-)
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 2f2c6e6df..379161fa1 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -127,45 +127,6 @@ class ferm::per-host { } }
- case $hostname {
- byrd,schuetz: {
- @ferm::rule { "dsa-krb-kdc":
- domain => "(ip ip6)",
- description => "kerberos KDC",
- rule => "&TCP_UDP_SERVICE(kerberos)"
- }
- }
- }
- case $hostname {
- byrd: {
- @ferm::rule { "dsa-krb-ipropd":
- domain => "ip",
- description => "kerberos ipropd",
- rule => "&SERVICE_RANGE(tcp, iprop, 206.12.19.119)",
- }
- @ferm::rule { "dsa-krb-ipropd-v6":
- domain => 'ip6',
- description => "kerberos ipropd (IPv6)",
- rule => "&SERVICE_RANGE(tcp, iprop, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
- }
- @ferm::rule { "dsa-krb-kpasswdd":
- domain => "(ip ip6)",
- description => "kerberos KDC",
- rule => "&SERVICE(udp, kpasswd)",
- }
- @ferm::rule { "dsa-krb-kadmind":
- domain => "ip",
- description => "kerberos kadmind access from draghi",
- rule => "&SERVICE_RANGE(tcp, kerberos-adm, 82.195.75.106)",
- }
- @ferm::rule { "dsa-krb-kadmind-v6":
- domain => "ip6",
- description => "kerberos kadmind access from draghi",
- rule => "&SERVICE_RANGE(tcp, kerberos-adm, 2001:41b8:202:deb:216:36ff:fe40:3906)",
- }
- }
- }
- case $hostname { rautavaara,luchesi: { @ferm::rule { "dsa-to-kfreebsd": description => "Traffic routed to kfreebsd hosts",
diff --git a/modules/krb/manifests/init.pp b/modules/krb/manifests/init.pp
index 08e4107ab..2ad8b0f00 100644
--- a/modules/krb/manifests/init.pp
+++ b/modules/krb/manifests/init.pp
@@ -4,6 +4,47 @@ class krb {
 content => template("krb/krb5.conf.erb"),
 ;
 }
+
+ case $hostname {
+ byrd,schuetz: {
+ @ferm::rule { "dsa-krb-kdc":
+ domain => "(ip ip6)",
+ description => "kerberos KDC",
+ rule => "&TCP_UDP_SERVICE(kerberos)"
+ }
+ }
+ }
+
+ case $hostname {
+ byrd: {
+ @ferm::rule { "dsa-krb-ipropd":
+ domain => "ip",
+ description => "kerberos ipropd",
+ rule => "&SERVICE_RANGE(tcp, iprop, 206.12.19.119)",
+ }
+ @ferm::rule { "dsa-krb-ipropd-v6":
+ domain => 'ip6',
+ description => "kerberos ipropd (IPv6)",
+ rule => "&SERVICE_RANGE(tcp, iprop, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
+ }
+ @ferm::rule { "dsa-krb-kpasswdd":
+ domain => "(ip ip6)",
+ description => "kerberos KDC",
+ rule => "&SERVICE(udp, kpasswd)",
+ }
+ @ferm::rule { "dsa-krb-kadmind":
+ domain => "ip",
+ description => "kerberos kadmind access from draghi",
+ rule => "&SERVICE_RANGE(tcp, kerberos-adm, 82.195.75.106)",
+ }
+ @ferm::rule { "dsa-krb-kadmind-v6":
+ domain => "ip6",
+ description => "kerberos kadmind access from draghi",
+ rule => "&SERVICE_RANGE(tcp, kerberos-adm, 2001:41b8:202:deb:216:36ff:fe40:3906)",
+ }
+ }
+ }
+
 }
 # vim:set et:
 # vim:set sts=4 ts=4:
--
2.20.1
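Review bot: The `dsa-krb-kpasswdd` rule in the `byrd` branch still carries the description `"kerberos KDC"`, the same text as `dsa-krb-kdc`, so anyone auditing the firewall by description sees two KDC entries and no password-change service; `description => "kerberos kpasswdd",` would match what the rule opens. The two `dsa-krb-ipropd` rules admit a literal IPv4 and IPv6 source without naming the peer, whereas the kadmind rules say "access from draghi"; naming the host in those descriptions (presumably the replica KDC, which this hunk does not confirm) would make a stale allow-list address easier to spot when that machine is renumbered. Both points are carried over unchanged from per-host.pp, so the move is a convenient place to fix them.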