}
case $::hostname {
+ bm-bl9: {
+ @ferm::rule { 'dsa-iscsi':
+ description => 'Allow iscsi access',
+ rule => '&SERVICE_RANGE(tcp, 3260, ( 5.153.231.240/27 172.29.123.0/24 ))'
+ }
+ }
oyens: {
@ferm::rule { 'dsa-amqp':
description => 'Allow rabbitmq access',
description => 'Allow keystone access',
rule => '&SERVICE_RANGE(tcp, 5000, ( 5.153.231.240/27 172.29.123.0/24 ))'
}
- @ferm::rule { 'dsa-keystone2':
+ @ferm::rule { 'dsa-keystone-admin':
description => 'Allow keystone access',
rule => '&SERVICE_RANGE(tcp, 35357, ( 5.153.231.240/27 172.29.123.0/24 ))'
}
- @ferm::rule { 'dsa-glance1':
+ @ferm::rule { 'dsa-glance-api':
description => 'Allow glance access',
- rule => '&SERVICE_RANGE(tcp, 9191, ( 5.153.231.240/27 172.29.123.0/24 ))'
+ rule => '&SERVICE_RANGE(tcp, 9292, ( 5.153.231.240/27 172.29.123.0/24 ))'
}
- @ferm::rule { 'dsa-glance2':
+ @ferm::rule { 'dsa-glance-registry':
description => 'Allow glance access',
rule => '&SERVICE_RANGE(tcp, 9191, ( 5.153.231.240/27 172.29.123.0/24 ))'
}
description => 'Allow glance access',
rule => '&SERVICE_RANGE(tcp, 9696, ( 5.153.231.240/27 172.29.123.0/24 ))'
}
- @ferm::rule { 'dsa-nova1':
+ @ferm::rule { 'dsa-nova-ec2':
description => 'Allow nova access',
rule => '&SERVICE_RANGE(tcp, 8773, ( 5.153.231.240/27 172.29.123.0/24 ))'
}
description => 'Allow nova access',
rule => '&SERVICE_RANGE(tcp, 8774, ( 5.153.231.240/27 172.29.123.0/24 ))'
}
- @ferm::rule { 'dsa-nova3':
+ @ferm::rule { 'dsa-nova-metadata':
description => 'Allow nova access',
rule => '&SERVICE_RANGE(tcp, 8775, ( 5.153.231.240/27 172.29.123.0/24 ))'
}
rule => '&SERVICE(tcp, 636)'
}
}
- cilea: {
- ferm::module { 'nf_conntrack_sip': }
- ferm::module { 'nf_conntrack_h323': }
-
- @ferm::rule { 'dsa-sip':
- domain => '(ip ip6)',
- description => 'Allow sip access',
- rule => '&TCP_UDP_SERVICE(5060)'
- }
- @ferm::rule { 'dsa-sipx':
- domain => '(ip ip6)',
- description => 'Allow sipx access',
- rule => '&TCP_UDP_SERVICE(5080)'
- }
- }
sonntag: {
@ferm::rule { 'dsa-bugs-search':
description => 'port 1978 for bugs-search from bug web frontends',