3 ssl::service { 'www.debian.org':
7 ssl::service { 'sip-ws.debian.org':
10 dnsextras::tlsa_record{ 'tlsa-xmpp':
12 certfile => "/etc/puppet/modules/ssl/files/servicecerts/www.debian.org.crt",
13 port => '5061 5222 5269',
17 @ferm::rule { 'dsa-xmpp-client-ip4':
19 description => 'XMPP connections (client to server)',
20 rule => 'proto tcp dport (5222) ACCEPT'
22 @ferm::rule { 'dsa-xmpp-client-ip6':
24 description => 'XMPP connections (client to server)',
25 rule => 'proto tcp dport (5222) ACCEPT'
27 @ferm::rule { 'dsa-xmpp-server-ip4':
29 description => 'XMPP connections (server to server)',
30 rule => 'proto tcp dport (5269) ACCEPT'
32 @ferm::rule { 'dsa-xmpp-server-ip6':
34 description => 'XMPP connections (server to server)',
35 rule => 'proto tcp dport (5269) ACCEPT'
38 @ferm::rule { 'dsa-sip-ws-ip4':
40 description => 'SIP connections (WebSocket; for WebRTC)',
41 rule => 'proto tcp dport (443) ACCEPT'
43 @ferm::rule { 'dsa-sip-ws-ip6':
45 description => 'SIP connections (WebSocket; for WebRTC)',
46 rule => 'proto tcp dport (443) ACCEPT'
48 @ferm::rule { 'dsa-sip-tls-ip4':
50 description => 'SIP connections (TLS)',
51 rule => 'proto tcp dport (5061) ACCEPT'
53 @ferm::rule { 'dsa-sip-tls-ip6':
55 description => 'SIP connections (TLS)',
56 rule => 'proto tcp dport (5061) ACCEPT'
58 @ferm::rule { 'dsa-turn-ip4':
60 description => 'TURN connections',
61 rule => 'proto udp dport (3478) ACCEPT'
63 @ferm::rule { 'dsa-turn-ip6':
65 description => 'TURN connections',
66 rule => 'proto udp dport (3478) ACCEPT'
68 @ferm::rule { 'dsa-turn-tls-ip4':
70 description => 'TURN connections (TLS)',
71 rule => 'proto tcp dport (5349) ACCEPT'
73 @ferm::rule { 'dsa-turn-tls-ip6':
75 description => 'TURN connections (TLS)',
76 rule => 'proto tcp dport (5349) ACCEPT'
78 @ferm::rule { 'dsa-rtp-ip4':
80 description => 'RTP streams',
81 rule => 'proto udp dport (49152:65535) ACCEPT'
83 @ferm::rule { 'dsa-rtp-ip6':
85 description => 'RTP streams',
86 rule => 'proto udp dport (49152:65535) ACCEPT'
89 file { '/etc/monit/monit.d/50rtc':