rule => '&SERVICE(udp, 69)'
}
}
- #paganini: {
- # @ferm::rule { 'dsa-dhcp':
- # description => 'Allow dhcp access',
- # rule => '&SERVICE(udp, 67)'
- # }
- # @ferm::rule { 'dsa-tftp':
- # description => 'Allow tftp access',
- # rule => '&SERVICE(udp, 69)'
- # }
- #}
lotti,lully: {
@ferm::rule { 'dsa-syslog':
description => 'Allow syslog access',
description => 'Allow postgress access',
rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))'
}
+
+ @ferm::rule { 'dsa-postgres-backup':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
+ }
}
bmdb1: {
@ferm::rule { 'dsa-postgres-main':
description => 'Allow postgress access1',
rule => '&SERVICE_RANGE(tcp, 5437, ( 2001:41c8:1000:21::21:19/128 ))'
}
+
+ @ferm::rule { 'dsa-postgres-backup':
+ # ubc, wuit
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, (5435 5436), ( 5.153.231.12/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, (5435 5436), ( 2001:41c8:1000:21::21:12/128 ))'
+ }
}
danzi: {
@ferm::rule { 'dsa-postgres-danzi':
description => 'Allow postgress access4',
rule => '&SERVICE_RANGE(tcp, 5438, ( 206.12.19.0/24 ))'
}
+
+ @ferm::rule { 'dsa-postgres-backup':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
+ }
}
chopin: {
@ferm::rule { 'dsa-postgres-backup':
- # ubc, wuit
description => 'Allow postgress access',
rule => '&SERVICE_RANGE(tcp, 5432, ( 5.153.231.12/32 ))'
}
rule => '&SERVICE_RANGE(tcp, 5432, ( 2001:41c8:1000:21::21:12/128 ))'
}
}
+ sibelius: {
+ @ferm::rule { 'dsa-postgres-backup':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
+ }
+ }
default: {}
}
# vpn fu