From: Tollef Fog Heen <tfheen@err.no>
Date: Sat, 16 Jun 2012 14:37:56 +0000 (+0200)
Subject: Allow some bacula director traffic too
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=ac7237e71c25afe4277e1140e57c142fe8d4a458;p=dsa-puppet.git

Allow some bacula director traffic too
---

diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp
index 4703294f..879978cf 100644
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -31,7 +31,7 @@ class bacula::client inherits bacula {
   }
 
   @ferm::rule { 'dsa-bacula-fd':
-    domain      => '(ip ip6)',
+    domain      => '(ip)',
     description => 'Allow bacula access from storage and director',
     rule        => "proto tcp mod state state (NEW) dport (bacula-fd) saddr ($bacula_director_address) ACCEPT",
   }
diff --git a/modules/bacula/manifests/director.pp b/modules/bacula/manifests/director.pp
index 40720b74..45b65e52 100644
--- a/modules/bacula/manifests/director.pp
+++ b/modules/bacula/manifests/director.pp
@@ -53,4 +53,11 @@ class bacula::director inherits bacula {
   $allhosts = keys($site::allnodeinfo)
 
   bacula_client { $allhosts: }
+
+  @ferm::rule { 'dsa-bacula-dir':
+    domain      => '(ip ip6)',
+    description => 'Allow bacula access from localhost,
+    rule        => "proto tcp mod state state (NEW) dport (bacula-dir) saddr ($bacula_director_address localhost) ACCEPT",
+  }
+
 }