4 ssl::service { 'www.debian.org':
7 ssl::service { 'sip-ws.debian.org':
10 concat { '/etc/ssl/debian/certs/www.debian.org-chained.crt':
11 notify => Exec['refresh_debian_hashes'],
13 concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt':
14 target => '/etc/ssl/debian/certs/www.debian.org-chained.crt',
15 source => 'file:///etc/ssl/debian/certs/www.debian.org.crt',
17 require => File['/etc/ssl/debian/certs/www.debian.org.crt'],
19 concat::fragment { '/etc/ssl/debian/certs/www.debian.org.crt-chain':
20 target => '/etc/ssl/debian/certs/www.debian.org-chained.crt',
21 source => 'file:///etc/ssl/debian/certs/www.debian.org.crt-chain',
23 require => File['/etc/ssl/debian/certs/www.debian.org.crt-chain'],
26 concat { '/etc/ssl/debian/certs/sip-ws.debian.org-chained.crt':
28 concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt':
29 target => '/etc/ssl/debian/certs/sip-ws.debian.org-chained.crt',
30 source => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt',
32 require => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt'],
34 concat::fragment { '/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain':
35 target => '/etc/ssl/debian/certs/sip-ws.debian.org-chained.crt',
36 source => 'file:///etc/ssl/debian/certs/sip-ws.debian.org.crt-chain',
38 require => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain'],
41 @ferm::rule { 'dsa-sip-ws-ip4':
43 description => 'SIP connections (WebSocket; for WebRTC)',
44 rule => 'proto tcp dport (443) ACCEPT'
46 @ferm::rule { 'dsa-sip-ws-ip6':
48 description => 'SIP connections (WebSocket; for WebRTC)',
49 rule => 'proto tcp dport (443) ACCEPT'
51 @ferm::rule { 'dsa-sip-tls-ip4':
53 description => 'SIP connections (TLS)',
54 rule => 'proto tcp dport (5061) ACCEPT'
56 @ferm::rule { 'dsa-sip-tls-ip6':
58 description => 'SIP connections (TLS)',
59 rule => 'proto tcp dport (5061) ACCEPT'
61 @ferm::rule { 'dsa-turn-ip4':
63 description => 'TURN connections',
64 rule => 'proto udp dport (3478) ACCEPT'
66 @ferm::rule { 'dsa-turn-ip6':
68 description => 'TURN connections',
69 rule => 'proto udp dport (3478) ACCEPT'
71 @ferm::rule { 'dsa-turn-tls-ip4':
73 description => 'TURN connections (TLS)',
74 rule => 'proto tcp dport (5349) ACCEPT'
76 @ferm::rule { 'dsa-turn-tls-ip6':
78 description => 'TURN connections (TLS)',
79 rule => 'proto tcp dport (5349) ACCEPT'
81 @ferm::rule { 'dsa-rtp-ip4':
83 description => 'RTP streams',
84 rule => 'proto udp dport (49152:65535) ACCEPT'
86 @ferm::rule { 'dsa-rtp-ip6':
88 description => 'RTP streams',
89 rule => 'proto udp dport (49152:65535) ACCEPT'