From b507681f854f09cfc91da7b0b3a625c9d3c30022 Mon Sep 17 00:00:00 2001 From: Martin Zobel-Helas Date: Mon, 18 Jan 2010 21:14:16 +0100 Subject: [PATCH 1/1] ferm initial checkin --- manifests/site.pp | 3 +++ modules/munin-node/manifests/init.pp | 5 +++++ modules/nagios/manifests/init.pp | 5 +++++ modules/ssh/manifests/init.pp | 7 +++++++ 4 files changed, 20 insertions(+) diff --git a/manifests/site.pp b/manifests/site.pp index 64b54d2d..4525e506 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -83,4 +83,7 @@ node default { case $hoster { "ubcece", "darmstadt", "ftcollins", "grnet": { include resolv } } + case $hostname { + brahms: { include ferm } + } } diff --git a/modules/munin-node/manifests/init.pp b/modules/munin-node/manifests/init.pp index 29bef07f..5b61d167 100644 --- a/modules/munin-node/manifests/init.pp +++ b/modules/munin-node/manifests/init.pp @@ -75,5 +75,10 @@ class munin-node { path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", refreshonly => true, } + ferm::rule { "dsa-munin": + description => "Allow munin-node from spohr.debian.org", + rule => "proto tcp dport 4949 saddr $HOST_MUNIN ACCEPT" + prio => "02" + } } diff --git a/modules/nagios/manifests/init.pp b/modules/nagios/manifests/init.pp index 13c0dc91..f3e3cbcb 100644 --- a/modules/nagios/manifests/init.pp +++ b/modules/nagios/manifests/init.pp @@ -2,4 +2,9 @@ class nagios { package { nagios-nrpe-server: ensure => installed; } + ferm::rule { "dsa-nagios": + description => "Allow nrpe from spohr.debian.org", + rule => "proto tcp dport 5666 saddr $HOST_NAGIOS ACCEPT" + prio => "03" + } } diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp index 13a7e0ba..b3e32e34 100644 --- a/modules/ssh/manifests/init.pp +++ b/modules/ssh/manifests/init.pp 
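Review bot: In manifests/site.pp, `include ferm` is limited to brahms, but the `ferm::rule` resources this commit adds to the munin-node, nagios and ssh classes carry no such guard, so every node that includes those classes will evaluate them. The ferm module is not part of this patch, so it cannot be seen here whether `ferm::rule` works, fails catalog compilation, or writes unused rule files on a host without the `ferm` class. For a staged firewall rollout I would either put the three declarations behind the same host condition or have the define depend on the ferm class. A comment above the case, such as `# ferm rollout: enabled per host until the rule set is complete`, would also help. The `node default` body starts outside the hunk.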
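Review bot: In modules/munin-node/manifests/init.pp the `rule => "..."` attribute has no trailing comma before `prio => "02"`, which is a Puppet syntax error; the nagios hunk has the same omission before `prio => "03"`, while the ssh hunk has its commas. Separately, `$HOST_MUNIN` and `$HOST_NAGIOS` sit in double-quoted strings, so Puppet interpolates them itself. If they are meant to reach ferm as ferm variables and no Puppet variable of that name is set, the `saddr` restriction would be rendered empty instead of naming the monitoring host. Escaping the dollar sign, as in `rule => "proto tcp dport 4949 saddr \$HOST_MUNIN ACCEPT",`, passes the name through unchanged. Both rules also omit `domain`, unlike the ssh rule, so whether they cover IPv6 depends on the define's default, which is not shown.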
@@ -37,4 +37,11 @@ class ssh { path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", refreshonly => true, } + ferm::rule { "dsa-ssh": + description => "Allow SSH", + rule => "proto tcp dport ssh ACCEPT", + domain => "(ip ip6)", + prio => "01" + } + } -- 2.39.2
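Review bot: The `dsa-ssh` rule in modules/ssh/manifests/init.pp accepts the ssh port from any source on both `ip` and `ip6`, whereas the munin and nrpe rules in this commit are limited with `saddr`. If that is intended, say so next to the rule, e.g. `# SSH is intentionally open to all sources (IPv4 and IPv6)`, so a later reader does not take it for an omitted restriction. `dport ssh` resolves through the service name, so it only matches if sshd listens on the standard port; the sshd configuration is outside this hunk. The added blank line before the closing brace of `class ssh` can be dropped.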