Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
rule => "&SERVICE_RANGE(tcp, rsync, ( 195.20.242.90 192.25.206.33 82.195.75.106 206.12.19.118 ))"
}
}
rule => "&SERVICE_RANGE(tcp, rsync, ( 195.20.242.90 192.25.206.33 82.195.75.106 206.12.19.118 ))"
}
}
@ferm::rule { "dsa-syslog":
description => "Allow syslog access",
rule => "&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V4)"
@ferm::rule { "dsa-syslog":
description => "Allow syslog access",
rule => "&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V4)"
-restrict_ssh = %w{lebrun logtest01 geo1 geo2 geo3 bartok beethoven tchaikovsky schroeder heininen handel}
+restrict_ssh = %w{lebrun logtest01 geo1 geo2 geo3 bartok beethoven tchaikovsky schroeder heininen handel lotti}
ssh4allowed = []
ssh6allowed = []
ssh4allowed = []
ssh6allowed = []
# is not a real hostname.
bad_hostname("^gconfd$");
# is not a real hostname.
bad_hostname("^gconfd$");
-<%- if hostname == "heininen" -%>
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
# we trust our mutual authenticated syslog clients
keep_hostname(yes);
<%- end -%>
# we trust our mutual authenticated syslog clients
keep_hostname(yes);
<%- end -%>
-<%- if hostname == "heininen" -%>
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
source s_network {
tcp6(port(5140) max-connections(200)
tls( key_file("/etc/exim4/ssl/thishost.key")
source s_network {
tcp6(port(5140) max-connections(200)
tls( key_file("/etc/exim4/ssl/thishost.key")
-<%- if hostname != "heininen" -%>
+<%- if (hostname != "heininen") || (hostname != "lotti") -%>
<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
destination loghost-heininen {
tcp("heininen.debian.org" port (5140)
<%- if has_variable?("syslogversion") and syslogversion.to_s == "3" -%>
destination loghost-heininen {
tcp("heininen.debian.org" port (5140)
+destination loghost-lotti {
+ tcp("lotti.debian.org" port (5140)
+ tls( key_file("/etc/ssl/debian/keys/thishost.key")
+ cert_file("/etc/ssl/debian/certs/thishost.crt")
+ ca_dir("/etc/ssl/debian/certs/")
+ )
+ );
+};
log {
source(s_local);
destination(loghost-heininen);
log {
source(s_local);
destination(loghost-heininen);
+ destination(loghost-lotti);
};
<%- end -%>
<%- end -%>
};
<%- end -%>
<%- end -%>
-<%- if hostname == "heininen" -%>
+<%- if (hostname == "heininen") || (hostname == "lotti") -%>
###############################################################################
########## ON LOG HOST ########################################################
###############################################################################
###############################################################################
########## ON LOG HOST ########################################################
###############################################################################