X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=6f8b41860120b2259df03c253b7204fe5b1729c5;hb=d56ca7cb70039b036d91f93cfb33cb1fb7743e82;hp=818c2aaa5233a0c661ae123362d6c54718f19441;hpb=f66bb1737890b64acd529dfc23e8fd8e5b7d59bf;p=dsa-puppet.git diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 818c2aaa..6f8b4186 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -38,16 +38,6 @@ class ferm::per-host { rule => '&SERVICE(udp, 69)' } } - #paganini: { - # @ferm::rule { 'dsa-dhcp': - # description => 'Allow dhcp access', - # rule => '&SERVICE(udp, 67)' - # } - # @ferm::rule { 'dsa-tftp': - # description => 'Allow tftp access', - # rule => '&SERVICE(udp, 69)' - # } - #} lotti,lully: { @ferm::rule { 'dsa-syslog': description => 'Allow syslog access', @@ -223,17 +213,6 @@ class ferm::per-host { rule => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:11/32 2001:41c8:1000:21::21:21/128 ))' } } - grieg: { - @ferm::rule { 'dsa-postgres-ullmann': - description => 'Allow postgress access', - rule => '&SERVICE_RANGE(tcp, 5433, ( 206.12.19.141/32 ))' - } - @ferm::rule { 'dsa-postgres-ullmann6': - domain => '(ip6)', - description => 'Allow postgress access', - rule => '&SERVICE_RANGE(tcp, 5433, ( 2607:f8f0:610:4000:6564:a62:ce0c:138d/128 ))' - } - } franck: { @ferm::rule { 'dsa-postgres-franck': description => 'Allow postgress access', @@ -244,6 +223,16 @@ class ferm::per-host { description => 'Allow postgress access', rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))' } + + @ferm::rule { 'dsa-postgres-backup': + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))' + } + @ferm::rule { 'dsa-postgres-backup6': + domain => 'ip6', + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))' + } } bmdb1: { @ferm::rule { 'dsa-postgres-main': @@ -284,6 +273,17 @@ class ferm::per-host { description => 'Allow postgress access1', rule => '&SERVICE_RANGE(tcp, 5437, ( 2001:41c8:1000:21::21:19/128 ))' } + + @ferm::rule { 'dsa-postgres-backup': + # ubc, wuit + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, (5435 5436), ( 5.153.231.12/32 ))' + } + @ferm::rule { 'dsa-postgres-backup6': + domain => 'ip6', + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, (5435 5436), ( 2001:41c8:1000:21::21:12/128 ))' + } } danzi: { @ferm::rule { 'dsa-postgres-danzi': @@ -310,6 +310,37 @@ class ferm::per-host { rule => '&SERVICE_RANGE(tcp, 5438, ( 206.12.19.0/24 ))' } + @ferm::rule { 'dsa-postgres-backup': + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))' + } + @ferm::rule { 'dsa-postgres-backup6': + domain => 'ip6', + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))' + } + } + chopin: { + @ferm::rule { 'dsa-postgres-backup': + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5432, ( 5.153.231.12/32 ))' + } + @ferm::rule { 'dsa-postgres-backup6': + domain => 'ip6', + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5432, ( 2001:41c8:1000:21::21:12/128 ))' + } + } + sibelius: { + @ferm::rule { 'dsa-postgres-backup': + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))' + } + @ferm::rule { 'dsa-postgres-backup6': + domain => 'ip6', + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))' + } } default: {} }