From c7afa6d04e06776ac94206451153d6c0c0572495 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Fri, 13 Sep 2019 12:34:55 +0200
Subject: [PATCH] disallow puppet access from clients for now

---
 modules/puppetmaster/manifests/init.pp | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/modules/puppetmaster/manifests/init.pp b/modules/puppetmaster/manifests/init.pp
index 7cb923c28..28120f4bf 100644
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -10,15 +10,15 @@ class puppetmaster {
 		source => 'puppet:///modules/puppetmaster/puppetdb.conf'
 	}
 
-	ferm::rule { 'dsa-puppet':
-		description     => 'Allow puppet access',
-		rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
-	}
-	ferm::rule { 'dsa-puppet-v6':
-		domain          => 'ip6',
-		description     => 'Allow puppet access',
-		rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
-	}
+	#ferm::rule { 'dsa-puppet':
+	#	description     => 'Allow puppet access',
+	#	rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
+	#}
+	#ferm::rule { 'dsa-puppet-v6':
+	#	domain          => 'ip6',
+	#	description     => 'Allow puppet access',
+	#	rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
+	#}
 
 	file { '/srv/puppet.debian.org/puppet-facts':
 		ensure => directory
-- 
2.20.1