add cilea

[dsa-puppet.git] / modules / ferm / manifests / per-host.pp

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index d515e37cfac52560c458b8a112104cd5375ca5d8..890de74d7df5f33d23e348a9986d27eb30f7e5c4 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -108,6 +108,24 @@ class ferm::per-host {
                     rule            => "&SERVICE(tcp, 636)"
            }
         }
+       cilea: {
+            file {
+                "/etc/ferm/conf.d/load_sip_conntrack.conf":
+                    source => "puppet:///ferm/conntrack_sip.conf",
+                    require => Package["ferm"],
+                    notify  => Exec["ferm restart"];
+            },
+            @ferm::rule { "dsa-sip":
+                    domain          => "(ip ip6)",
+                    description     => "Allow sip access",
+                    rule            => "&TCP_UDP_SERVICE(5060)"
+            }
+            @ferm::rule { "dsa-sipx":
+                    domain          => "(ip ip6)",
+                    description     => "Allow sipx access",
+                    rule            => "&TCP_UDP_SERVICE(5080)"
+            }
+        }
     }