From: Luca Filipozzi Date: Sun, 4 Sep 2016 08:34:12 +0000 (+0000) Subject: add temporary rules to permit ssh from mnt and vpn networks X-Git-Url: https://git.adam-barratt.org.uk/?p=mirror%2Fdsa-puppet.git;a=commitdiff_plain;h=f817330b3e3c0eb060f5f5bcb0209662a2531ddb add temporary rules to permit ssh from mnt and vpn networks --- diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index c5429a2e5..b9ad487de 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -503,9 +503,9 @@ REJECT reject-with icmp-admin-prohibited rule => 'outerface !tun+ mod mark mark 1 MASQUERADE', } } - ubc-enc2bl1: { + ubc-enc2bl1,ubc-enc2bl2,ubc-enc2bl9,ubc-enc2bl10: { @ferm::rule { 'dsa-luca-fixme': - description => 'Allow ssh access from manlan', + description => 'Allow ssh access from mnt and vpn networks', rule => '&SERVICE_RANGE(tcp, 22, ( 172.29.40.0/22 172.29.203.0/24 ))', } }