From 084b46670a54c326944b9051e401bc3c4b14da7d Mon Sep 17 00:00:00 2001 From: Stephen Gran Date: Sun, 25 Jul 2010 23:33:39 +0100 Subject: [PATCH] add ferm::nfs-server module Signed-off-by: Stephen Gran --- modules/ferm/manifests/nfs-server.pp | 27 +++++++++++++++++++++++++++ modules/ferm/manifests/per-host.pp | 6 ++++++ 2 files changed, 33 insertions(+) create mode 100644 modules/ferm/manifests/nfs-server.pp diff --git a/modules/ferm/manifests/nfs-server.pp b/modules/ferm/manifests/nfs-server.pp new file mode 100644 index 00000000..8fc4f1a3 --- /dev/null +++ b/modules/ferm/manifests/nfs-server.pp @@ -0,0 +1,27 @@ +class ferm::nfs-server { + @ferm::rule { "dsa-portmap": + domain => "(ip ip6)", + description => "Allow portmap access", + rule => "&TCP_UDP_SERVICE(111)" + } + @ferm::rule { "dsa-nfs": + domain => "(ip ip6)", + description => "Allow nfsd access", + rule => "&TCP_UDP_SERVICE(2049)" + } + @ferm::rule { "dsa-status": + domain => "(ip ip6)", + description => "Allow statd access", + rule => "&TCP_UDP_SERVICE(10000)" + } + @ferm::rule { "dsa-mountd": + domain => "(ip ip6)", + description => "Allow mountd access", + rule => "&TCP_UDP_SERVICE(10002)" + } + @ferm::rule { "dsa-lockd": + domain => "(ip ip6)", + description => "Allow lockd access", + rule => "&TCP_UDP_SERVICE(10003)" + } +} diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index d561e52d..0d2f5634 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -17,6 +17,12 @@ class ferm::per-host { } } + case $hostname { + ravel: { + include ferm::nfs-server + } + } + case $hostname { piatti: { @ferm::rule { "dsa-udd-stunnel": -- 2.39.2