Try to add byrd/schuetz special ports

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 379161f..575b201 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -127,6 +127,35 @@ class ferm::per-host {
         }
     }
 
+    case $hostname {
+        byrd,schuetz: {
+            @ferm::rule { "dsa-krb-kdc":
+                domain          => "(ip ip6)",
+                description  => "kerberos KDC",
+                rule         => "&SERVICE(tcp, 88)"
+            }
+        }
+    }
+    case $hostname {
+        byrd: {
+            @ferm::rule { "dsa-krb-ipropd":
+                domain       => "ip",
+                description  => "kerberos ipropd",
+                rule         => "&SERVICE_RANGE(tcp, 2121, 206.12.19.119)",
+            }
+            @ferm::rule { "dsa-krb-ipropd-v6":
+                domain       => 'ip6',
+                description  => "kerberos ipropd (IPv6)",
+                rule         => "&SERVICE_RANGE(tcp, 2121, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
+            }
+            @ferm::rule { "dsa-krb-kpasswdd":
+                domain          => "(ip ip6)",
+                description  => "kerberos KDC",
+                rule         => "&SERVICE(udp, 464)",
+            }
+        }
+    }
+
     case $hostname { rautavaara,luchesi: {
         @ferm::rule { "dsa-to-kfreebsd":
             description     => "Traffic routed to kfreebsd hosts",