From: Stephen Gran <steve@lobefin.net>
Date: Wed, 12 May 2010 17:47:06 +0000 (+0100)
Subject: a few powell  specific rules
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=6a38c031b5e13810ee0b915748c3b737bf92246a;p=dsa-puppet.git

a few powell  specific rules

Signed-off-by: Stephen Gran <steve@lobefin.net>
---

diff --git a/manifests/site.pp b/manifests/site.pp
index 00b1f911..84bccf12 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -146,6 +146,16 @@ node default {
 		    rule            => "&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V6)"
 	   }
         }
+	powell: {
+	   @ferm::rule { "dsa-powell-v6-tunnel":
+		    description     => "Allow powell to use V6 tunnel broker",
+		    rule            => "proto ipv6 saddr 212.227.117.6 jump ACCEPT"
+	   }
+	   @ferm::rule { "dsa-powell-btseed":
+		    description     => "Allow powell to seed BT",
+		    rule            => "proto tcp dport 8000:8100 jump ACCEPT"
+	   }
+	}
 	beethoven: {
 	   @ferm::rule { "dsa-merikanto-beethoven":
 		    description     => "Allow merikanto",  # for nfs, and that uses all kind of ports by default.