From f1c81d7c9e67b4b11e1971c34cb94173e609e463 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Fri, 11 Jul 2014 21:22:16 +0200
Subject: [PATCH] firewall: restrict tftp on abel and jenkins to local networks
---
 modules/ferm/manifests/per-host.pp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 637159916..2260c9ca5 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -455,10 +455,16 @@ REJECT reject-with icmp-admin-prohibited
 }
 # tftp
 case $::hostname {
- abel,jenkins: {
+ abel: {
 @ferm::rule { 'dsa-tftp':
 description => 'Allow tftp access',
- rule => '&SERVICE(udp, 69)'
+ rule => '&SERVICE_RANGE(udp, 69, ( 172.28.17.0/24 ))'
+ }
+ }
+ jenkins: {
+ @ferm::rule { 'dsa-tftp':
+ description => 'Allow tftp access',
+ rule => '&SERVICE_RANGE(udp, 69, ( 192.168.2.0/24 206.12.19.0/24 ))'
 }
 }
 master: {
--
2.20.1
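Review bot: The jenkins rule admits 206.12.19.0/24, which is not an RFC 1918 prefix, although the subject line describes the restriction as "local networks"; a comment above that `rule` line should record why the range is trusted, e.g. `# 206.12.19.0/24: <site/owner and why tftp clients live here>`. Both rules also keep `description => 'Allow tftp access'`, which no longer says the access is source-restricted; `'Allow tftp access from local networks'` would keep the generated ruleset self-explanatory. Only IPv4 prefixes are listed, so it is worth confirming in the `SERVICE_RANGE` definition (not visible here) that udp/69 does not stay reachable over IPv6. The `case $::hostname` block continues past the end of the hunk.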