Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

[dsa-puppet.git] / modules / ferm / manifests / per-host.pp

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 890de74d7df5f33d23e348a9986d27eb30f7e5c4..ec082c385b0eb440b6338caee28317ce6dcc2d85 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -111,10 +111,10 @@ class ferm::per-host {
        cilea: {
             file {
                 "/etc/ferm/conf.d/load_sip_conntrack.conf":
-                    source => "puppet:///ferm/conntrack_sip.conf",
+                    source => "puppet:///modules/ferm/conntrack_sip.conf",
                     require => Package["ferm"],
                     notify  => Exec["ferm restart"];
-            },
+            }
             @ferm::rule { "dsa-sip":
                     domain          => "(ip ip6)",
                     description     => "Allow sip access",
@@ -195,6 +195,30 @@ class ferm::per-host {
             }
         }
     }
+
+    # redirect snapshot into varnish
+    case $hostname {
+        sibelius: {
+            @ferm::rule { "dsa-snapshot-varnish":
+                rule            => '&SERVICE(tcp, 6081)',
+            }
+            @ferm::rule { "dsa-nat-snapshot-varnish":
+                table           => 'nat',
+                chain           => 'PREROUTING',
+                rule            => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081',
+            }
+        }
+        stabile: {
+            @ferm::rule { "dsa-snapshot-varnish":
+                rule            => '&SERVICE(tcp, 6081)',
+            }
+            @ferm::rule { "dsa-nat-snapshot-varnish":
+                table           => 'nat',
+                chain           => 'PREROUTING',
+                rule            => 'proto tcp daddr 206.12.19.150 dport 80 REDIRECT to-ports 6081',
+            }
+        }
+    }
 }
 
 # vim:set et: