@@ferm::rule::simple { "dsa-ssh-from-ftp_master-${::fqdn}":
tag => 'ssh::server::from::ftp_master',
description => 'Allow ssh access from ftp_master',
- port => '22',
+ chain => 'ssh',
saddr => $base::public_addresses,
}
}
@@ferm::rule::simple { "dsa-ssh-from-historical_master-${::fqdn}":
tag => 'ssh::server::from::historical_master',
description => 'Allow ssh access from historical-master',
- port => '22',
+ chain => 'ssh',
saddr => $base::public_addresses,
}
}
@@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
tag => 'ssh::server::from::ports_master',
description => 'Allow ssh access from ports-master',
- port => '22',
+ chain => 'ssh',
saddr => $base::public_addresses,
}
}
@@ferm::rule::simple { "dsa-ssh-from-security_master-${::fqdn}":
tag => 'ssh::server::from::security_master',
description => 'Allow ssh access from security_master',
- port => '22',
+ chain => 'ssh',
saddr => $base::public_addresses,
}
}
@@ferm::rule::simple { "dsa-ssh-from-syncproxy-${::fqdn}":
tag => 'ssh::server::from::syncproxy',
description => 'Allow ssh access from a syncproxy',
- port => '22',
+ chain => 'ssh',
saddr => $ssh_source_addresses,
}
# syncproxies should be accessible from various role hosts
projects / mirror / dsa-puppet.git / commitdiff