a few more rules
authorStephen Gran <steve@lobefin.net>
Sat, 20 Feb 2010 21:45:36 +0000 (21:45 +0000)
committerStephen Gran <steve@lobefin.net>
Sat, 20 Feb 2010 21:45:36 +0000 (21:45 +0000)
Signed-off-by: Stephen Gran <steve@lobefin.net>
modules/apache2/manifests/init.pp
modules/exim/manifests/init.pp
modules/named/manifests/init.pp
modules/ntp/manifests/init.pp

index fc2de44f5ab93baf4d7d2d434836e96d829ead2c..9975b54606e6b2bb12837aed63161cc7ff1cec3e 100644 (file)
@@ -129,4 +129,8 @@ class apache2 {
                command => "/etc/init.d/apache2 force-reload",
                refreshonly => true,
        }
+        ferm::rule { "dsa-apache":
+                description     => "Allow web access",
+                rule            => "proto tcp mod state state (NEW) dport (80) ACCEPT"
+        }
 }
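Review bot: The `dsa-apache` rule opens only port 80, so any vhost served by this class that also listens on 443 would presumably lose HTTPS once ferm is enforcing. The hunk does not show whether TLS vhosts exist, so this needs confirming against the rest of class apache2, which begins outside the hunk. If they do exist, `rule => "proto tcp mod state state (NEW) dport (80 443) ACCEPT",` covers both. As a style point, ending the last attribute with a comma keeps later additions to the resource to one-line diffs.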
index 43dd108df4f6e3302d144f333cb01129a1d5d6f4..f488918a3395c0f8cff4d3e427159828c666c402 100644 (file)
@@ -156,4 +156,8 @@ class exim {
         path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
         refreshonly => true,
     }
+    ferm::rule { "dsa-exim":
+            description     => "Allow smtp access",
+            rule            => "proto tcp mod state state (NEW) dport (25) ACCEPT"
+    }
 }
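Review bot: Declaring `dsa-exim` unconditionally inside `class exim` opens inbound tcp/25 from any source on every node that includes the class, presumably including hosts that only use exim to send outbound mail. Consider wrapping the rule in a conditional on whatever node attribute marks a mail-receiving host, or adding an `saddr` restriction where only known relays need to connect. The same applies to `dsa-ntp` in modules/ntp/manifests/init.pp, where a node that is only an NTP client needs no inbound udp/123 rule at all. The added lines are also indented deeper than the 4-space resource style visible in the context lines above them.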
index 5d2e250df297d42cc33f42b4e8982c7b9ed352ca..73c7cdcb31caf45f34d00cf8034df30d256f5aec 100644 (file)
@@ -25,6 +25,10 @@ class named {
                         mode    => 775,
                         ;
         }
+        ferm::rule { "dsa-bind":
+                description     => "Allow nameserver access",
+                rule            => "proto (udp tcp) mod state state (NEW) dport (53) ACCEPT"
+        }
 }
 
 # vim: set fdm=marker ts=8 sw=8 et:
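Review bot: `mod state state (NEW)` in the `dsa-bind` rule sends every udp/53 query through connection tracking, which on a busy nameserver can fill the conntrack table and cause drops for every service on the host. If query volume is significant, a stateless accept for port 53 is safer; otherwise a comment such as `# DNS is conntracked here; watch nf_conntrack usage on busy servers` would record the trade-off. Accepting tcp/53 from any source also leaves zone-transfer restriction entirely to named's own ACLs, which are outside this hunk, so a comment saying the firewall deliberately does not restrict transfers would help. The `dsa-ntp` rule has the same conntrack consideration for udp/123.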
index f46173556ee23ee64a7ba28566ed31d4d6c02ebc..00b3340b8bb6d861c8d0fabbc3cd1cdda4fd8bdf 100644 (file)
@@ -25,4 +25,8 @@ class ntp {
                path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
                refreshonly => true,
        }
+        ferm::rule { "dsa-ntp":
+                description     => "Allow ntp access",
+                rule            => "proto udp mod state state (NEW) dport (123) ACCEPT"
+        }
 }