include ferm::zivit
}
- if $::hostname in [chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,santoro,steffani,valente,villa,wieck,stabile,bizet] {
- include ferm::ftp
- }
-
case $::hostname {
piatti,samosa: {
@ferm::rule { 'dsa-udd-stunnel':
rule => '&SERVICE(udp, 69)'
}
}
- handel: {
- @ferm::rule { 'dsa-puppet':
- description => 'Allow puppet access',
- rule => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
- }
- @ferm::rule { 'dsa-puppet-v6':
- domain => 'ip6',
- description => 'Allow puppet access',
- rule => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
- }
- }
powell: {
@ferm::rule { 'dsa-powell-v6-tunnel':
description => 'Allow powell to use V6 tunnel broker',
rule => '&SERVICE(tcp, 6523)'
}
}
- bendel,liszt: {
- @ferm::rule { 'smtp':
- domain => '(ip ip6)',
- description => 'Allow smtp access',
- rule => '&SERVICE(tcp, 25)'
- }
- }
draghi: {
#@ferm::rule { 'dsa-bind':
# domain => '(ip ip6)',
projects / dsa-puppet.git / blobdiff