# Role for the SIP / WebRTC host (modules/roles/manifests/sip.pp).
#
# Declares the ssl::service resource for www.debian.org and a set of virtual
# ferm firewall rules for SIP signalling, TURN and RTP media.
#
# Security notes for reviewers:
# - Every rule below is a plain ACCEPT with no source-address match, so each
#   port is reachable from any address once the rule is realized.
# - The rules are declared virtual (@). This class alone opens nothing; the
#   rules take effect only where ferm::rule resources are realized or
#   collected (that code is not visible in this file).
# - Each service has one rule for domain 'ip' and one for domain 'ip6'; keep
#   the pair in sync when a port changes, so the two address families do not
#   drift apart.
class roles::sip {
  # Disabled together with the concat resources further down.
  #include concat::setup

  # ssl::service is defined elsewhere in the repository; presumably it
  # installs the certificate material for this name -- confirm in the ssl
  # module.
  ssl::service { 'www.debian.org': }

  # Disabled: would assemble www.debian.org-chained.crt from the certificate
  # (order 00) followed by its chain (order 99).
  #concat { '/etc/ssl/debian/certs/www.debian.org-chained.crt':
  #  ensure => present,
  #}
  #concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt':
  #  target => '/etc/ssl/debian/certs/www.debian.org-chained.crt',
  #  source => 'file:///etc/ssl/debian/certs/www.debian.org.crt',
  #  order  => 00,
  #}
  #concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt-chain':
  #  target => '/etc/ssl/debian/certs/www.debian.org-chained.crt',
  #  source => 'file:///etc/ssl/debian/certs/www.debian.org.crt-chain',
  #  order  => 99,
  #}

  # --- SIP over WebSocket (WebRTC clients): TCP 443 ---
  @ferm::rule { 'dsa-sip-ws-ip4':
    domain      => 'ip',
    description => 'SIP connections (WebSocket; for WebRTC)',
    rule        => 'proto tcp dport (443) ACCEPT',
  }
  @ferm::rule { 'dsa-sip-ws-ip6':
    domain      => 'ip6',
    description => 'SIP connections (WebSocket; for WebRTC)',
    rule        => 'proto tcp dport (443) ACCEPT',
  }

  # --- SIP over TLS: TCP 5061 ---
  @ferm::rule { 'dsa-sip-tls-ip4':
    domain      => 'ip',
    description => 'SIP connections (TLS)',
    rule        => 'proto tcp dport (5061) ACCEPT',
  }
  @ferm::rule { 'dsa-sip-tls-ip6':
    domain      => 'ip6',
    description => 'SIP connections (TLS)',
    rule        => 'proto tcp dport (5061) ACCEPT',
  }

  # --- TURN: UDP 3478 ---
  # NOTE(review): only UDP is accepted on 3478; TCP to that port is not
  # opened by this class -- confirm that matches the TURN server's listeners.
  @ferm::rule { 'dsa-turn-ip4':
    domain      => 'ip',
    description => 'TURN connections',
    rule        => 'proto udp dport (3478) ACCEPT',
  }
  @ferm::rule { 'dsa-turn-ip6':
    domain      => 'ip6',
    description => 'TURN connections',
    rule        => 'proto udp dport (3478) ACCEPT',
  }

  # --- TURN over TLS: TCP 5349 ---
  @ferm::rule { 'dsa-turn-tls-ip4':
    domain      => 'ip',
    description => 'TURN connections (TLS)',
    rule        => 'proto tcp dport (5349) ACCEPT',
  }
  @ferm::rule { 'dsa-turn-tls-ip6':
    domain      => 'ip6',
    description => 'TURN connections (TLS)',
    rule        => 'proto tcp dport (5349) ACCEPT',
  }

  # --- RTP media: UDP 49152-65535 ---
  # NOTE(review): this accepts UDP from any source on the whole 49152:65535
  # range, which is by far the widest opening in this class. It should match
  # the port range the media/TURN relay is configured to allocate from;
  # confirm, and narrow the rule if the relay uses fewer ports.
  @ferm::rule { 'dsa-rtp-ip4':
    domain      => 'ip',
    description => 'RTP streams',
    rule        => 'proto udp dport (49152:65535) ACCEPT',
  }
  @ferm::rule { 'dsa-rtp-ip6':
    domain      => 'ip6',
    description => 'RTP streams',
    rule        => 'proto udp dport (49152:65535) ACCEPT',
  }
}