From ac7237e71c25afe4277e1140e57c142fe8d4a458 Mon Sep 17 00:00:00 2001
From: Tollef Fog Heen <tfheen@err.no>
Date: Sat, 16 Jun 2012 16:37:56 +0200
Subject: [PATCH] Allow some bacula director traffic too

---
 modules/bacula/manifests/client.pp   | 2 +-
 modules/bacula/manifests/director.pp | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp
index 4703294f0..879978cfe 100644
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -31,7 +31,7 @@ class bacula::client inherits bacula {
   }
 
   @ferm::rule { 'dsa-bacula-fd':
-    domain      => '(ip ip6)',
+    domain      => '(ip)',
     description => 'Allow bacula access from storage and director',
     rule        => "proto tcp mod state state (NEW) dport (bacula-fd) saddr ($bacula_director_address) ACCEPT",
   }
diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp
index 40720b749..45b65e528 100644
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -53,4 +53,11 @@ class bacula::director inherits bacula {
   $allhosts = keys($site::allnodeinfo)
 
   bacula_client { $allhosts: }
+
+  @ferm::rule { 'dsa-bacula-dir':
+    domain      => '(ip ip6)',
+    description => 'Allow bacula access from localhost,
+    rule        => "proto tcp mod state state (NEW) dport (bacula-dir) saddr ($bacula_director_address localhost) ACCEPT",
+  }
+
 }
-- 
2.20.1