X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Ffiles%2Fdefs.conf;h=3e18b137e0cb26a1cf87bd0e4bc00976194a0e70;hb=904e638853b3816116f909863228d679a9301a9a;hp=0359fa921814bb42101ef0ec2f27601506e8b58e;hpb=7fab1724e3db6041ee83e3424d2d0e741381d53a;p=dsa-puppet.git
diff --git a/modules/ferm/files/defs.conf b/modules/ferm/files/defs.conf
index 0359fa92..3e18b137 100644
--- a/modules/ferm/files/defs.conf
+++ b/modules/ferm/files/defs.conf
@@ -4,36 +4,35 @@
 ##
 @def &SERVICE($proto, $port) = {
- domain (ip ip6) chain INPUT proto $proto dport $port ACCEPT;
+ proto $proto mod state state (NEW) dport $port ACCEPT;
 }
-@def &V4_SERVICE($proto, $port) = {
- domain ip chain INPUT proto $proto dport $port ACCEPT;
+@def &SERVICE_RANGE($proto, $port, $srange) = {
+ proto $proto mod state state (NEW) dport $port saddr ($srange) ACCEPT;
 }
-@def &V6_SERVICE($proto, $port) = {
- domain ip6 chain INPUT proto $proto dport $port ACCEPT;
+@def &TCP_UDP_SERVICE($port) = {
+ proto (tcp udp) mod state state (NEW) dport $port ACCEPT;
 }
-@def &V4_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip chain INPUT proto $proto dport $port saddr $srange ACCEPT;
-}
-
-@def &V6_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip6 chain INPUT proto $proto dport $port saddr $srange ACCEPT;
-}
-
-@def $HOST_MUNIN = (192.25.206.57 192.25.206.33);
-@def $HOST_NAGIOS = (192.25.206.57 192.25.206.33);
+@def $HOST_MUNIN = (192.25.206.33);
+@def $HOST_NAGIOS = (206.12.19.118);
 @def $sgran = (91.103.132.24/29);
 @def $weasel = ();
+@def $weasel = ($weasel 86.59.118.144/28); # debian@sil
+@def $weasel = ($weasel 86.59.21.32/29); # anguilla1
+@def $weasel = ($weasel 86.59.30.32/28); # anguilla2
+@def $weasel = ($weasel 141.201.27.0/24); # came
+@def $weasel = ($weasel 62.99.152.178); # argos.campus-sbg
 @def $zobel = ();
 @def $luca = ();
 @def $DSA_IPS = ($sgran $weasel $zobel $luca);
 @def $sgran6 = (2001:4b10:100b::/48);
 @def $weasel6 = ();
+@def $weasel6 = ($weasel6 2001:826:408:200::/56); # came
+@def $weasel6 = ($weasel6 2001:858:10f::/48); # anguilla
 @def $zobel6 = ();
 @def $luca6 = ();
 @def $DSA_V6_IPS = ($sgran6 $weasel6 $zobel6 $luca6);
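Review bot: The rewritten `&SERVICE`, `&SERVICE_RANGE` and `&TCP_UDP_SERVICE` macros no longer set `domain` or `chain INPUT` themselves and match only `state (NEW)`, so they are correct only when expanded inside a block that selects the domain and chain and that already accepts ESTABLISHED/RELATED traffic; neither precondition is visible in this hunk. With the `V4_`/`V6_` variants removed, `&SERVICE_RANGE` also accepts whatever address family `$srange` holds, so a call site under `domain (ip ip6)` that passes `$DSA_IPS` would presumably feed IPv4 addresses into the IPv6 ruleset as well. I would document the contract above the definitions, e.g. `# Call only inside "domain ... chain INPUT { }"; an ESTABLISHED,RELATED accept must precede these rules.` and `# $srange must match the address family of the enclosing domain.` Separately, the added `141.201.27.0/24`, `2001:826:408:200::/56` and `2001:858:10f::/48` entries widen `$DSA_IPS`/`$DSA_V6_IPS` to whole networks; if those lists gate administrative access, confirm that breadth is intended.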