ferm::per-host: allow HKP to keyring.d.o from the kFreeBSDs

[dsa-puppet.git] / modules / ferm / manifests / per-host.pp

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index d608fe42ac5aabbacc3d8b707d7800e0f1689452..5fd19cebf2f2e50cdc1a42cfcb6575473bebbb48 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -25,7 +25,7 @@ class ferm::per-host {
                 }
 
         }
-        abel,alwyn: {
+        abel,alwyn,rietz: {
             @ferm::rule { "dsa-tftp":
                 description     => "Allow tftp access",
                 rule            => "&SERVICE(udp, 69)"
@@ -150,6 +150,7 @@ class ferm::per-host {
                                 proto udp dport (53 123) ACCEPT;
                                 proto tcp dport 8140 daddr 82.195.75.104 ACCEPT; # puppethost
                                 proto tcp dport 5140 daddr (82.195.75.98 206.12.19.121) ACCEPT; # loghost
+                                proto tcp dport 11371 daddr 82.195.75.107 ACCEPT; # keyring host
                                 proto tcp dport (25 submission) daddr ($HOST_MAILRELAY_V4) ACCEPT
                                '
         }