dc11 icecast on scelsi

[dsa-puppet.git] / modules / ferm / manifests / per-host.pp

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 786358939c2867ebd24d2dc3cbbc02212db356e0..a1715dc09fa63e18a60679b1e44d69bb9a936cba 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -6,7 +6,7 @@ class ferm::per-host {
     }
 
     case $hostname {
-        chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,steffani,valente,villa,wieck,stabile: {
+        chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,santoro,steffani,valente,villa,wieck,stabile: {
             include ferm::ftp
         }
     }
@@ -25,7 +25,7 @@ class ferm::per-host {
                 }
 
         }
-        abel,alwyn: {
+        abel,alwyn,rietz: {
             @ferm::rule { "dsa-tftp":
                 description     => "Allow tftp access",
                 rule            => "&SERVICE(udp, 69)"
@@ -128,6 +128,13 @@ class ferm::per-host {
                 rule            => "&TCP_UDP_SERVICE(5080)"
             }
         }
+       scelsi: {
+            @ferm::rule { "dc11-icecast":
+                domain          => "(ip ip6)",
+                description     => "Allow icecast access",
+                rule            => "&SERVICE(tcp, 8000)"
+            }
+       }
     }
 
     case $hostname { rautavaara,luchesi: {
@@ -150,6 +157,7 @@ class ferm::per-host {
                                 proto udp dport (53 123) ACCEPT;
                                 proto tcp dport 8140 daddr 82.195.75.104 ACCEPT; # puppethost
                                 proto tcp dport 5140 daddr (82.195.75.98 206.12.19.121) ACCEPT; # loghost
+                                proto tcp dport 11371 daddr 82.195.75.107 ACCEPT; # keyring host
                                 proto tcp dport (25 submission) daddr ($HOST_MAILRELAY_V4) ACCEPT
                                '
         }