X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Ffiles%2Fdefs.conf;h=d368667fe2547b2f2ec8a331b0b7e470af0038e1;hb=da5b05d87ed12648ab7f245e26f2e2d7292f1588;hp=b5d019dab0fdd883b83ca6659555121d5226d1ab;hpb=5e44ff243547aa2036db0cc1af549f4b9523e6b4;p=dsa-puppet.git
diff --git a/modules/ferm/files/defs.conf b/modules/ferm/files/defs.conf
index b5d019da..d368667f 100644
--- a/modules/ferm/files/defs.conf
+++ b/modules/ferm/files/defs.conf
@@ -1,34 +1,38 @@
-@def &SERVICE($proto, $port) = {
- domain (ip ip6) chain INPUT proto $proto dport $port ACCEPT;
-}
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+## USE: git clone git+ssh://$USER@puppet.debian.org/srv/puppet.debian.org/git/dsa-puppet.git
+##
 
-@def &V4_SERVICE($proto, $port) = {
- domain ip chain INPUT proto $proto dport $port ACCEPT;
-}
-
-@def &V6_SERVICE($proto, $port) = {
- domain ip6 chain INPUT proto $proto dport $port ACCEPT;
+@def &SERVICE($proto, $port) = {
+ proto $proto mod state state (NEW) dport $port ACCEPT;
 }
 
-@def &V4_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip chain INPUT proto $proto dport $port saddr $srange ACCEPT;
+@def &SERVICE_RANGE($proto, $port, $srange) = {
+ proto $proto mod state state (NEW) dport $port saddr ($srange) ACCEPT;
 }
 
-@def &V6_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip6 chain INPUT proto $proto dport $port saddr $srange ACCEPT;
+@def &TCP_UDP_SERVICE($port) = {
+ proto (tcp udp) mod state state (NEW) dport $port ACCEPT;
 }
 
-@def $HOST_MUNIN = (192.25.206.57 192.25.206.33);
-@def $HOST_NAGIOS = (192.25.206.57 192.25.206.33);
+@def $HOST_MUNIN = (192.25.206.33);
+@def $HOST_NAGIOS = (206.12.19.118);
 
 @def $sgran = (91.103.132.24/29);
-@def $weasel = ();
+@def $weasel = ()
+@def $weasel = ($weasel 86.59.118.144/28); # debian@sil
+@def $weasel = ($weasel 86.59.21.32/29); # anguilla1
+@def $weasel = ($weasel 86.59.30.32/28); # anguilla2
+@def $weasel = ($weasel 141.201.27.0/24); # came
+@def $weasel = ($weasel 62.99.152.178); # argos.campus-sbg
 @def $zobel = ();
 @def $luca = ();
 @def $DSA_IPS = ($sgran $weasel $zobel $luca);
 
 @def $sgran6 = (2001:4b10:100b::/48);
 @def $weasel6 = ();
+@def $weasel6 = ($weasel6 2001:826:408:200::/56); # came
+@def $weasel6 = ($weasel6 2001:858:10f::/48); # anguilla
 @def $zobel6 = ();
 @def $luca6 = ();
 @def $DSA_V6_IPS = ($sgran6 $weasel6 $zobel6 $luca6);
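Review bot: The added line `@def $weasel = ()` has no terminating `;`, unlike every other `@def` in the hunk, including the parallel `@def $weasel6 = ();`. ferm will most likely either reject the file or read the following `@def` as part of the value, and since `$weasel` feeds the `$DSA_IPS` allowlist the line should read `@def $weasel = ();`. Separately, the rewritten `&SERVICE`, `&SERVICE_RANGE` and `&TCP_UDP_SERVICE` no longer set `domain` or `chain INPUT` themselves and accept only `state (NEW)` packets. They are therefore correct only when called inside an INPUT block that also accepts ESTABLISHED/RELATED traffic, and the hunk does not show whether the callers do this. A comment above the definitions, such as `# call only inside "domain (ip ip6) chain INPUT { ... }"; relies on a separate ESTABLISHED,RELATED accept rule`, would make that dependency explicit.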