Switch bacula director->storage firewalling to store/collect

diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp
index 3b62c59..241985b 100644 (file)
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -118,4 +118,10 @@ class bacula::director inherits bacula {
     port        => '7', # overridden on collecting
     saddr       => $bacula::public_addresses,
   }
+  @@ferm::rule::simple { "bacula::director-to-storage::${::fqdn}":
+    tag         => 'bacula::director-to-storage',
+    description => 'Allow bacula-storage access from the bacula-director',
+    port        => '7', # overridden on collecting
+    saddr       => $bacula::public_addresses,
+  }
 }

diff --git a/modules/bacula/manifests/storage.pp b/modules/bacula/manifests/storage.pp
index 97dc424..3b1c5fb 100644 (file)
--- a/modules/bacula/manifests/storage.pp
+++ b/modules/bacula/manifests/storage.pp
@@ -50,6 +50,10 @@ class bacula::storage inherits bacula {
     rule        => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN) ACCEPT; }',
     notarule    => true,
   }
+  # allow access from director
+  Ferm::Rule::Simple <<| tag == 'bacula::director-to-storage' |>> {
+    port => $bacula::bacula_storage_port,
+  }
 
   file { '/etc/bacula/storage-conf.d/empty.conf':
     content => '',