class ferm::per-host {
- case $hostname {
+ case $::hostname {
ancina,zandonai,zelenka: {
include ferm::zivit
}
}
- case $hostname {
- chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,santoro,steffani,valente,villa,wieck,stabile: {
+ case $::hostname {
+ chopin,franck,gluck,kassia,klecker,lobos,morricone,ravel,ries,rietz,saens,schein,santoro,steffani,valente,villa,wieck,stabile,bizet: {
include ferm::ftp
}
}
- case $hostname {
+ case $::hostname {
piatti,samosa: {
@ferm::rule { "dsa-udd-stunnel":
description => "port 8080 for udd stunnel",
}
}
danzi: {
- @ferm::rule { "dsa-postgres-danzi":
- description => "Allow postgress access",
- rule => "&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 ))"
+ @ferm::rule {
+ "dsa-postgres-danzi":
+ description => "Allow postgress access",
+ rule => "&SERVICE_RANGE(tcp, 5433, ( 206.12.19.0/24 ))"
+ ;
+ "dsa-postgres2-danzi":
+ description => "Allow postgress access2",
+ rule => "&SERVICE_RANGE(tcp, 5437, ( 206.12.19.0/24 ))"
+ ;
+ "dsa-postgres3-danzi":
+ description => "Allow postgress access2",
+ rule => "&SERVICE_RANGE(tcp, 5436, ( 206.12.19.0/24 ))"
+ ;
}
}
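Review bot: The new `dsa-postgres3-danzi` rule (tcp 5436) carries the same description as `dsa-postgres2-danzi` (tcp 5437), "Allow postgress access2". That looks like a copy-paste, and it makes the two openings indistinguishable when the generated ferm rules are audited. Give each rule a description that names its port or cluster, e.g. `description => "Allow postgres access (tcp 5436)",`, and fix the "postgress" spelling in all three. The numbering is also worth a second look: rule 2 maps to 5437 and rule 3 to 5436, which may be intended, but it is the kind of swap that hides a wrong port.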
rule => "&SERVICE(tcp, 11371)"
}
}
- franck: {
- @ferm::rule { "dak_replication":
- domain => "(ip)",
- description => "Allow dak pg replication",
- rule => "&SERVICE_RANGE(tcp, 5433, 128.148.34.103/32)"
+ gombert: {
+ @ferm::rule { "dsa-infinoted":
+ domain => "(ip ip6)",
+ description => "Allow infinoted access",
+ rule => "&SERVICE(tcp, 6523)"
}
}
- liszt: {
+ bendel,liszt: {
@ferm::rule { "smtp":
domain => "(ip ip6)",
description => "Allow smtp access",
rule => "&TCP_UDP_SERVICE(5080)"
}
}
+ scelsi: {
+ @ferm::rule { "dc11-icecast":
+ domain => "(ip ip6)",
+ description => "Allow icecast access",
+ rule => "&SERVICE(tcp, 8000)"
+ }
+ }
}
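Review bot: Adding `bendel` to the `liszt` selector extends a rule whose label does not match what it opens. It is named "smtp" and described as "Allow smtp access", but the rule is `&TCP_UDP_SERVICE(5080)`, i.e. port 5080 on both TCP and UDP for `(ip ip6)` with no source restriction. Before a second host inherits it, confirm the port and protocols are intended and make the description say what is exposed, e.g. `description => "Allow <actual service> access (5080 tcp+udp)",`. Separately, `dc11-icecast` on scelsi appears to be tied to a specific event; a comment such as `# remove after the event` would keep tcp 8000 from staying open indefinitely. This hunk starts inside an earlier resource, so the surrounding `case` is only partly visible here.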
case $hostname { rautavaara,luchesi: {
proto udp dport (53 123) ACCEPT;
proto tcp dport 8140 daddr 82.195.75.104 ACCEPT; # puppethost
proto tcp dport 5140 daddr (82.195.75.98 206.12.19.121) ACCEPT; # loghost
+ proto tcp dport 11371 daddr 82.195.75.107 ACCEPT; # keyring host
proto tcp dport (25 submission) daddr ($HOST_MAILRELAY_V4) ACCEPT
'
}
}
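Review bot: The context at the top of this hunk still reads `case $hostname {`, while every other selector in this commit is converted to `case $::hostname {`. If that line is live code rather than hunk-header context, it should be converted too, so that a local variable cannot shadow the fact and change which hosts get this egress policy. On the added line, the keyring host address `82.195.75.107` is hardcoded. That matches the existing puppethost and loghost lines, but the mail relay line next to it uses `$HOST_MAILRELAY_V4`, and a named variable would make this allow-list easier to review and to update in one place. The quoted rule body begins outside the hunk.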
# redirect snapshot into varnish
- case $hostname {
+ case $::hostname {
sibelius: {
@ferm::rule { "dsa-snapshot-varnish":
rule => '&SERVICE(tcp, 6081)',
}
}
}
+
+ if $::rsyncd {
+ include ferm::rsync
+ }
}
# vim:set et:
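Review bot: The new `if $::rsyncd {` opens the rsync firewall rules based on the truthiness of a fact whose definition is not visible here. If `rsyncd` is delivered as a string, which is how facts arrive on older Puppet/Facter, the value "false" is still truthy, so `ferm::rsync` would be included on every host that reports the fact at all. Comparing explicitly, `if $::rsyncd == 'true' {` (or whatever value the fact actually emits), makes the condition fail closed. A short comment above the block saying which fact value enables the rule would also help the next reviewer.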