Allow some bacula director traffic too

author Tollef Fog Heen <tfheen@err.no>

Sat, 16 Jun 2012 14:37:56 +0000 (16:37 +0200)

committer Tollef Fog Heen <tfheen@err.no>

Sat, 16 Jun 2012 14:38:24 +0000 (16:38 +0200)
author Tollef Fog Heen <tfheen@err.no>
Sat, 16 Jun 2012 14:37:56 +0000 (16:37 +0200)
committer Tollef Fog Heen <tfheen@err.no>
Sat, 16 Jun 2012 14:38:24 +0000 (16:38 +0200)
diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp

index 4703294..879978c 100644 (file)
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -31,7 +31,7 @@ class bacula::client inherits bacula {
    }
  
    @ferm::rule { 'dsa-bacula-fd':
-    domain      => '(ip ip6)',
+    domain      => '(ip)',
      description => 'Allow bacula access from storage and director',
      rule        => "proto tcp mod state state (NEW) dport (bacula-fd) saddr ($bacula_director_address) ACCEPT",
    }
diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp

index 40720b7..45b65e5 100644 (file)
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -53,4 +53,11 @@ class bacula::director inherits bacula {
    $allhosts = keys($site::allnodeinfo)
  
    bacula_client { $allhosts: }
+
+  @ferm::rule { 'dsa-bacula-dir':
+    domain      => '(ip ip6)',
+    description => 'Allow bacula access from localhost,
+    rule        => "proto tcp mod state state (NEW) dport (bacula-dir) saddr ($bacula_director_address localhost) ACCEPT",
+  }
+
  }
author	Tollef Fog Heen <tfheen@err.no>
	Sat, 16 Jun 2012 14:37:56 +0000 (16:37 +0200)
committer	Tollef Fog Heen <tfheen@err.no>
	Sat, 16 Jun 2012 14:38:24 +0000 (16:38 +0200)
modules/bacula/manifests/client.pp		patch \| blob \| history
modules/bacula/manifests/director.pp		patch \| blob \| history