rule => 'proto tcp daddr 206.12.19.150 dport 80 REDIRECT to-ports 6081',
}
}
+ lw05: {
+ @ferm::rule { 'dsa-snapshot-varnish':
+ rule => '&SERVICE(tcp, 6081)',
+ }
+ @ferm::rule { 'dsa-nat-snapshot-varnish':
+ table => 'nat',
+ chain => 'PREROUTING',
+ rule => 'proto tcp daddr 185.17.185.181 dport 80 REDIRECT to-ports 6081',
+ }
+ }
+ lw06: {
+ @ferm::rule { 'dsa-snapshot-varnish':
+ rule => '&SERVICE(tcp, 6081)',
+ }
+ @ferm::rule { 'dsa-nat-snapshot-varnish':
+ table => 'nat',
+ chain => 'PREROUTING',
+ rule => 'proto tcp daddr 185.17.185.182 dport 80 REDIRECT to-ports 6081',
+ }
+ }
default: {}
}
case $::hostname {
description => 'Allow postgress access',
rule => '&SERVICE_RANGE(tcp, 5436, ( 2001:41c8:1000:21::21:18/128 2607:f8f0:610:4000:6564:a62:ce0c:138d/128 ))'
}
+ @ferm::rule { 'dsa-postgres-wanna-build-ports':
+ # portman
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5438, ( 5.153.231.29/25 ))'
+ }
+ @ferm::rule { 'dsa-postgres-wanna-build-ports6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5438, ( 2001:41c8:1000:21::21:29/64 ))'
+ }
@ferm::rule { 'dsa-postgres-bacula':
# dinis
description => 'Allow postgress access1',
description => 'Allow postgress access',
rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
}
+ @ferm::rule { 'dsa-postgres-replication':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 185.17.185.180/32 ))'
+ }
+ }
+ lw04: {
+ @ferm::rule { 'dsa-postgres-snapshot':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5439, ( 185.17.185.181/32 185.17.185.182/32 ))'
+ }
}
default: {}
}
projects / dsa-puppet.git / blobdiff