X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Fper-host.pp;h=ff00a77e362746cd3f95a5a25ae8c0a49f936163;hb=7020499a9b71a59f0a4c0b4f8159955b35eb6556;hp=6f6cdf7e7c15ffa25e2a996a83419266223f7a01;hpb=55be9061b15c4956c5496ad9bdec3b97c54c6a9a;p=dsa-puppet.git
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 6f6cdf7e..ff00a77e 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -38,16 +38,6 @@ class ferm::per-host {
 rule => '&SERVICE(udp, 69)'
 }
 }
- #paganini: {
- # @ferm::rule { 'dsa-dhcp':
- # description => 'Allow dhcp access',
- # rule => '&SERVICE(udp, 67)'
- # }
- # @ferm::rule { 'dsa-tftp':
- # description => 'Allow tftp access',
- # rule => '&SERVICE(udp, 69)'
- # }
- #}
 lotti,lully: {
 @ferm::rule { 'dsa-syslog':
 description => 'Allow syslog access',
@@ -74,11 +64,6 @@ class ferm::per-host {
 }
 }
 draghi: {
- #@ferm::rule { 'dsa-bind':
- # domain => '(ip ip6)',
- # description => 'Allow nameserver access',
- # rule => '&TCP_UDP_SERVICE(53)'
- #}
 @ferm::rule { 'dsa-finger':
 domain => '(ip ip6)',
 description => 'Allow finger access',
@@ -207,10 +192,11 @@ class ferm::per-host {
 # solr stuff
 case $::hostname {
 stockhausen: {
- @ferm::rule { 'dsa-postgres-jetty':
+ @ferm::rule { 'dsa-solr-jetty':
 description => 'Allow jetty access',
- rule => '&SERVICE_RANGE(tcp, 80, ( 82.195.75.100/32 ))'
+ rule => '&SERVICE_RANGE(tcp, 8080, ( 82.195.75.100/32 ))'
 }
+ }
 }
 }
 # postgres stuff
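Review bot: The solr `case $::hostname` in the last hunk on this line closes right after the `stockhausen` branch with no `default: {}`, while the postgres case later in this diff ends with one; adding `default: {}` keeps the two consistent and satisfies puppet-lint's case_without_default check. The hunk also shows four closing braces against three openers (`case`, `stockhausen:`, `@ferm::rule`), so one of them closes a block opened outside the hunk; running `puppet parser validate` on the manifest would confirm the nesting is what was intended after the added `}`. A short comment such as `# solr client: <host name>` above the rule would record who 82.195.75.100 is, so the allow entry can be retired together with that host.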
@@ -227,17 +213,6 @@ class ferm::per-host {
 rule => '&SERVICE_RANGE(tcp, 5452, ( 2607:f8f0:610:4000:216:36ff:fe40:3860/128 2001:41b8:202:deb:216:36ff:fe40:4001/128 2001:41c8:1000:21::21:14/128 2001:41c8:1000:21::21:11/32 2001:41c8:1000:21::21:21/128 ))'
 }
 }
- grieg: {
- @ferm::rule { 'dsa-postgres-ullmann':
- description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5433, ( 206.12.19.141/32 ))'
- }
- @ferm::rule { 'dsa-postgres-ullmann6':
- domain => '(ip6)',
- description => 'Allow postgress access',
- rule => '&SERVICE_RANGE(tcp, 5433, ( 2607:f8f0:610:4000:6564:a62:ce0c:138d/128 ))'
- }
- }
 franck: {
 @ferm::rule { 'dsa-postgres-franck':
 description => 'Allow postgress access',
@@ -248,6 +223,16 @@ class ferm::per-host {
 description => 'Allow postgress access',
 rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))'
 }
+
+ @ferm::rule { 'dsa-postgres-backup':
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))'
+ }
 }
 bmdb1: {
 @ferm::rule { 'dsa-postgres-main':
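Review bot: The backup source pair `5.153.231.12/32` / `2001:41c8:1000:21::21:12/128` is written out literally in the two rules added to the `franck` branch here, and again in the hunks at -288 and -314 (five host branches in total); keeping it in one place, for example a class-level variable or a small defined type that takes the port, would mean a renumbered or retired backup host is changed once and no stale allow entry is left behind. The added rules also write `domain => 'ip6'` where existing rules in this file use the parenthesised form (`'(ip ip6)'`, `'(ip6)'`); picking one form keeps grep-based audits of the rule set simple. Separately, the unchanged context line at the top of the preceding hunk lists `2001:41c8:1000:21::21:11/32` among /128 entries for port 5452, which looks like a typo for `2001:41c8:1000:21::21:11/128` and as written would admit the whole /32 prefix.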
@@ -288,6 +273,28 @@ class ferm::per-host {
 description => 'Allow postgress access1',
 rule => '&SERVICE_RANGE(tcp, 5437, ( 2001:41c8:1000:21::21:19/128 ))'
 }
+
+ @ferm::rule { 'dsa-postgres-backup':
+ # ubc, wuit
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, (5435 5436), ( 5.153.231.12/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-backup6':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, (5435 5436), ( 2001:41c8:1000:21::21:12/128 ))'
+ }
+
+ @ferm::rule { 'dsa-postgres-dedup':
+ # ubc, wuit
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, (5439), ( 5.153.231.17/32 ))'
+ }
+ @ferm::rule { 'dsa-postgres-dedup':
+ domain => 'ip6',
+ description => 'Allow postgress access',
+ rule => '&SERVICE_RANGE(tcp, (5439), ( 2001:41c8:1000:21::21:17/128 ))'
+ }
 }
 danzi: {
 @ferm::rule { 'dsa-postgres-danzi':
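Review bot: The IPv6 rule added at the end of this hunk reuses the title `'dsa-postgres-dedup'` already taken by the IPv4 rule just above it, so the branch declares two `@ferm::rule` resources with the same type and title. Puppet treats that as a duplicate declaration even for virtual resources, which would presumably fail catalog compilation for the host this branch matches and leave its firewall rules unmanaged until it is fixed. Following the `backup`/`backup6` naming used in the same hunk, the second declaration should read `@ferm::rule { 'dsa-postgres-dedup6':`. The `# ubc, wuit` comment on the dedup rule also looks copied from the backup rule and is worth confirming. The enclosing host branch starts outside the hunk.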
@@ -314,6 +321,37 @@ class ferm::per-host { rule => '&SERVICE_RANGE(tcp, 5438, ( 206.12.19.0/24 ))' } + @ferm::rule { 'dsa-postgres-backup': + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))' + } + @ferm::rule { 'dsa-postgres-backup6': + domain => 'ip6', + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))' + } + } + chopin: { + @ferm::rule { 'dsa-postgres-backup': + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5432, ( 5.153.231.12/32 ))' + } + @ferm::rule { 'dsa-postgres-backup6': + domain => 'ip6', + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5432, ( 2001:41c8:1000:21::21:12/128 ))' + } + } + sibelius: { + @ferm::rule { 'dsa-postgres-backup': + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 5.153.231.12/32 ))' + } + @ferm::rule { 'dsa-postgres-backup6': + domain => 'ip6', + description => 'Allow postgress access', + rule => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:12/128 ))' + } } default: {} }