RT #4908 - deploy XMPP service

[dsa-puppet.git] / modules / roles / manifests / rtc.pp

diff --git a/modules/roles/manifests/rtc.pp b/modules/roles/manifests/rtc.pp
index 497ff62a20984549116d31d66201d0845577fe30..c5e9da3d796de1496a014be6911ada5788c4a257 100644 (file)
--- a/modules/roles/manifests/rtc.pp
+++ b/modules/roles/manifests/rtc.pp
@@ -36,6 +36,27 @@ class roles::rtc {
                require     => File['/etc/ssl/debian/certs/sip-ws.debian.org.crt-chain'],
        }
 
+       @ferm::rule { 'dsa-xmpp-client-ip4':
+               domain      => 'ip',
+               description => 'XMPP connections (client to server)',
+               rule        => 'proto tcp dport (5222) ACCEPT'
+       }
+       @ferm::rule { 'dsa-xmpp-client-ip6':
+               domain      => 'ip6',
+               description => 'XMPP connections (client to server)',
+               rule        => 'proto tcp dport (5222) ACCEPT'
+       }
+       @ferm::rule { 'dsa-xmpp-server-ip4':
+               domain      => 'ip',
+               description => 'XMPP connections (server to server)',
+               rule        => 'proto tcp dport (5269) ACCEPT'
+       }
+       @ferm::rule { 'dsa-xmpp-server-ip6':
+               domain      => 'ip6',
+               description => 'XMPP connections (server to server)',
+               rule        => 'proto tcp dport (5269) ACCEPT'
+       }
+
        @ferm::rule { 'dsa-sip-ws-ip4':
                domain      => 'ip',
                description => 'SIP connections (WebSocket; for WebRTC)',