X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=3ff1615dd44642b392d0e4b1efef4600a14a03da;hb=4b460293e35b6adceea7ef7d57e36daa9184294c;hp=12c0caedf533021d59779ba5d3bf8d38a63c2d11;hpb=72eb136220432ac64d41f783c8d7c7b9eb01948a;p=dsa-puppet.git

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 12c0caed..3ff1615d 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -18,18 +18,6 @@ class ferm::per-host {
 				rule         => '&SERVICE_RANGE(tcp, http-alt, ( 192.25.206.16 70.103.162.29 217.196.43.134 ))'
 			}
 		}
-		ullmann: {
-			@ferm::rule { 'dsa-postgres-udd':
-				description     => 'Allow postgress access',
-				# quantz, wagner, master, couper
-				rule            => '&SERVICE_RANGE(tcp, 5452, ( 206.12.19.122/32 217.196.43.134/32 217.196.43.132/32 82.195.75.110/32 5.153.231.14/32 ))'
-			}
-			@ferm::rule { 'dsa-postgres-udd6':
-				domain          => '(ip6)',
-				description     => 'Allow postgress access',
-				rule            => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:14/128 ))'
-			}
-		}
 		czerny,clementi: {
 			@ferm::rule { 'dsa-upsmon':
 				description     => 'Allow upsmon access',
@@ -209,7 +197,19 @@ class ferm::per-host {
 
 	# postgres stuff
 	case $::hostname {
-		grieg: {
+		ullmann: {
+			@ferm::rule { 'dsa-postgres-udd':
+				description     => 'Allow postgress access',
+				# quantz, wagner, master, couper, coccia, franck
+				rule            => '&SERVICE_RANGE(tcp, 5452, ( 206.12.19.122/32 217.196.43.134/32 217.196.43.132/32 82.195.75.110/32 5.153.231.14/32 5.153.231.11/32 138.16.160.12/32 ))'
+			}
+			@ferm::rule { 'dsa-postgres-udd6':
+				domain          => '(ip6)',
+				description     => 'Allow postgress access',
+				rule            => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:11/32 ))'
+			}
+		}
+		grieg,wuiet: {
 			@ferm::rule { 'dsa-postgres-ullmann':
 				description     => 'Allow postgress access',
 				rule            => '&SERVICE_RANGE(tcp, 5433, ( 206.12.19.141/32 ))'