From f58f0835bc278ec75b75df50f21c2198fc6cc17d Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 6 Jul 2013 19:46:53 +0200
Subject: [PATCH] Allow pg access to bmdb1 from coccia

---
 modules/ferm/manifests/per-host.pp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 1ca64a5e3..998fcbdd1 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -255,6 +255,17 @@ REJECT reject-with icmp-admin-prohibited
 				rule            => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))'
 			}
 		}
+		bmdb1: {
+			@ferm::rule { 'dsa-postgres-dak':
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5434, ( 5.153.231.11/32 ))'
+			}
+			@ferm::rule { 'dsa-postgres-dak':
+				domain          => 'ip6',
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5434, ( 2001:41c8:1000:21::21:11/128 ))'
+			}
+		}
 		danzi: {
 			@ferm::rule { 'dsa-postgres-danzi':
 				description     => 'Allow postgress access',
-- 
2.20.1