Allow bt ports between static hosts

diff --git a/modules/roles/manifests/static_base.pp b/modules/roles/manifests/static_base.pp
index 6d4c33dd2e3ac818b39951c9c32af59dd2511ce5..ed1f55f2520f1997153525e6a532ab5976d162d2 100644 (file)
--- a/modules/roles/manifests/static_base.pp
+++ b/modules/roles/manifests/static_base.pp
@@ -20,4 +20,16 @@ class roles::static_base {
        }
        file { '/usr/local/bin/static-mirror-ssh-wrap': ensure => absent; }
        file { '/usr/local/bin/static-master-ssh-wrap': ensure => absent; }
+
+       @ferm::rule { 'dsa-static-bt-v4':
+               description => 'Allow bt between static hosts',
+               rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881-6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V4) ACCEPT; }',
+               notarule    => true,
+       }
+       @ferm::rule { 'dsa-static-bt-v6':
+               description => 'Allow bt between static hosts',
+               domain      => 'ip6',
+               rule        => 'proto tcp mod state state (NEW) mod multiport destination-ports (6881-6999) @subchain \'static-bt\' { saddr ($HOST_STATIC_V6) ACCEPT; }',
+               notarule    => true,
+       }
 }