X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=818c2aaa5233a0c661ae123362d6c54718f19441;hb=f66bb1737890b64acd529dfc23e8fd8e5b7d59bf;hp=2401338063a1b6c26b47f87d3f37d556df8094e0;hpb=823568d2e4cad6f5b1a1a2fad73316f516601f62;p=dsa-puppet.git diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 24013380..818c2aaa 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -74,11 +74,6 @@ class ferm::per-host { } } draghi: { - #@ferm::rule { 'dsa-bind': - # domain => '(ip ip6)', - # description => 'Allow nameserver access', - # rule => '&TCP_UDP_SERVICE(53)' - #} @ferm::rule { 'dsa-finger': domain => '(ip ip6)', description => 'Allow finger access', @@ -204,6 +199,16 @@ class ferm::per-host { default: {} } + # solr stuff + case $::hostname { + stockhausen: { + @ferm::rule { 'dsa-solr-jetty': + description => 'Allow jetty access', + rule => '&SERVICE_RANGE(tcp, 8080, ( 82.195.75.100/32 ))' + } + } + } + # postgres stuff case $::hostname { ullmann: { @@ -243,12 +248,12 @@ class ferm::per-host { bmdb1: { @ferm::rule { 'dsa-postgres-main': description => 'Allow postgress access', - rule => '&SERVICE_RANGE(tcp, 5435, ( 5.153.231.14/32 5.153.231.23/32 ))' + rule => '&SERVICE_RANGE(tcp, 5435, ( 5.153.231.14/32 5.153.231.23/32 5.153.231.25/32 206.12.19.141/32 ))' } @ferm::rule { 'dsa-postgres-main6': domain => 'ip6', description => 'Allow postgress access', - rule => '&SERVICE_RANGE(tcp, 5435, ( 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:23/128 ))' + rule => '&SERVICE_RANGE(tcp, 5435, ( 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:23/128 2001:41c8:1000:21::21:25/128 2607:f8f0:610:4000:6564:a62:ce0c:138d/128 ))' } @ferm::rule { 'dsa-postgres-dak': description => 'Allow postgress access',