disallow puppet access from clients for now

author Peter Palfrader <peter@palfrader.org>

Fri, 13 Sep 2019 10:34:55 +0000 (12:34 +0200)

committer Peter Palfrader <peter@palfrader.org>

Fri, 13 Sep 2019 10:34:55 +0000 (12:34 +0200)
author Peter Palfrader <peter@palfrader.org>
Fri, 13 Sep 2019 10:34:55 +0000 (12:34 +0200)
committer Peter Palfrader <peter@palfrader.org>
Fri, 13 Sep 2019 10:34:55 +0000 (12:34 +0200)
diff --git a/modules/puppetmaster/manifests/init.pp b/modules/puppetmaster/manifests/init.pp

index 7cb923c..28120f4 100644 (file)
--- a/modules/puppetmaster/manifests/init.pp
+++ b/modules/puppetmaster/manifests/init.pp
@@ -10,15 +10,15 @@ class puppetmaster {
                 source => 'puppet:///modules/puppetmaster/puppetdb.conf'
         }
  
-       ferm::rule { 'dsa-puppet':
-               description     => 'Allow puppet access',
-               rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
-       }
-       ferm::rule { 'dsa-puppet-v6':
-               domain          => 'ip6',
-               description     => 'Allow puppet access',
-               rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
-       }
+       #ferm::rule { 'dsa-puppet':
+       #       description     => 'Allow puppet access',
+       #       rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
+       #}
+       #ferm::rule { 'dsa-puppet-v6':
+       #       domain          => 'ip6',
+       #       description     => 'Allow puppet access',
+       #       rule            => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
+       #}
  
         file { '/srv/puppet.debian.org/puppet-facts':
                 ensure => directory
author	Peter Palfrader <peter@palfrader.org>
	Fri, 13 Sep 2019 10:34:55 +0000 (12:34 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Fri, 13 Sep 2019 10:34:55 +0000 (12:34 +0200)