From 084b46670a54c326944b9051e401bc3c4b14da7d Mon Sep 17 00:00:00 2001
From: Stephen Gran <steve@lobefin.net>
Date: Sun, 25 Jul 2010 23:33:39 +0100
Subject: [PATCH] add ferm::nfs-server module

Signed-off-by: Stephen Gran <steve@lobefin.net>
---
 modules/ferm/manifests/nfs-server.pp | 27 +++++++++++++++++++++++++++
 modules/ferm/manifests/per-host.pp   |  6 ++++++
 2 files changed, 33 insertions(+)
 create mode 100644 modules/ferm/manifests/nfs-server.pp

diff --git a/modules/ferm/manifests/nfs-server.pp b/modules/ferm/manifests/nfs-server.pp
new file mode 100644
index 00000000..8fc4f1a3
--- /dev/null
+++ b/modules/ferm/manifests/nfs-server.pp
@@ -0,0 +1,27 @@
+class ferm::nfs-server {
+    @ferm::rule { "dsa-portmap":
+            domain          => "(ip ip6)",
+            description     => "Allow portmap access",
+            rule            => "&TCP_UDP_SERVICE(111)"
+    }
+    @ferm::rule { "dsa-nfs":
+            domain          => "(ip ip6)",
+            description     => "Allow nfsd access",
+            rule            => "&TCP_UDP_SERVICE(2049)"
+    }
+    @ferm::rule { "dsa-status":
+            domain          => "(ip ip6)",
+            description     => "Allow statd access",
+            rule            => "&TCP_UDP_SERVICE(10000)"
+    }
+    @ferm::rule { "dsa-mountd":
+            domain          => "(ip ip6)",
+            description     => "Allow mountd access",
+            rule            => "&TCP_UDP_SERVICE(10002)"
+    }
+    @ferm::rule { "dsa-lockd":
+            domain          => "(ip ip6)",
+            description     => "Allow lockd access",
+            rule            => "&TCP_UDP_SERVICE(10003)"
+    }
+}
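Review bot: All five rules accept traffic from any source address on both `ip` and `ip6`, so portmap (111), nfsd (2049) and the statd/mountd/lockd ports are opened to every peer that can reach a host including this class, while NFS and its RPC helpers are normally meant for a known set of clients only. The definition of `&TCP_UDP_SERVICE` is outside this patch, so either use a source-restricted variant if the module provides one, or write the rules out with ferm's `saddr` match limited to the client networks, e.g. `saddr (<nfs-client-networks>)` as a placeholder. Ports 10000, 10002 and 10003 are also not defaults: statd, mountd and lockd take dynamic ports from the portmapper unless they are pinned, and nothing in this patch pins them. A comment above the class such as `# requires statd/mountd/lockd pinned to 10000/10002/10003 in the NFS server configuration` would make that dependency explicit, so the rules do not end up exposing whatever else listens on those ports.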
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index d561e52d..0d2f5634 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -17,6 +17,12 @@ class ferm::per-host {
         }
     }
 
+    case $hostname {
+        ravel: {
+            include ferm::nfs-server
+        }
+    }
+
     case $hostname {
         piatti: {
            @ferm::rule { "dsa-udd-stunnel":
-- 
2.39.5