@ferm::rule { 'dsa-exim':
description => 'Allow SMTP',
- rule => '&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)'
+ rule => '&SERVICE_RANGE(tcp, $mail_port, $SMTP_SOURCES)'
}
@ferm::rule { 'dsa-exim-v6':
description => 'Allow SMTP',
domain => 'ip6',
- rule => '&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)'
+ rule => '&SERVICE_RANGE(tcp, $mail_port, $SMTP_V6_SOURCES)'
}
# Do we actually want this? I'm only doing it because it's harmless
@ferm::rule { 'dsa-exim-submission':
description => 'Allow SMTP',
- rule => '&SERVICE_RANGE(tcp, submission, \$SMTP_SOURCES)'
+ rule => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)'
}
@ferm::rule { 'dsa-exim-v6-submission':
description => 'Allow SMTP',
domain => 'ip6',
- rule => '&SERVICE_RANGE(tcp, submission, \$SMTP_V6_SOURCES)',
+ rule => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)',
}
}
handel: {
@ferm::rule { 'dsa-puppet':
description => 'Allow puppet access',
- rule => '&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V4)'
+ rule => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)'
}
@ferm::rule { 'dsa-puppet-v6':
domain => 'ip6',
description => 'Allow puppet access',
- rule => '&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V6)'
+ rule => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)'
}
}
powell: {
heininen,lotti: {
@ferm::rule { 'dsa-syslog':
description => 'Allow syslog access',
- rule => '&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V4)'
+ rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V4)'
}
@ferm::rule { 'dsa-syslog-v6':
domain => 'ip6',
description => 'Allow syslog access',
- rule => '&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V6)'
+ rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V6)'
}
}
kaufmann: {
}
@ferm::rule { 'dsa-time':
description => 'Allow time access',
- rule => '&SERVICE_RANGE(tcp, time, \$HOST_NAGIOS_V4)'
+ rule => '&SERVICE_RANGE(tcp, time, $HOST_NAGIOS_V4)'
}
}
@ferm::rule { 'dsa-munin-v4':
description => 'Allow munin from munin master',
- rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr (\$HOST_MUNIN_V4 \$HOST_NAGIOS_V4) ACCEPT; }',
+ rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V4 $HOST_NAGIOS_V4) ACCEPT; }',
notarule => true,
}
@ferm::rule { 'dsa-munin-v6':
description => 'Allow munin from munin master',
domain => 'ip6',
- rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr (\$HOST_MUNIN_V6 \$HOST_NAGIOS_V6) ACCEPT; }',
+ rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V6 $HOST_NAGIOS_V6) ACCEPT; }',
notarule => true,
}
}
@ferm::rule { 'dsa-nagios-v4':
description => 'Allow nrpe from nagios master',
- rule => 'proto tcp mod state state (NEW) dport (5666) @subchain \'nagios\' { saddr (\$HOST_NAGIOS_V4) ACCEPT; }',
+ rule => 'proto tcp mod state state (NEW) dport (5666) @subchain \'nagios\' { saddr ($HOST_NAGIOS_V4) ACCEPT; }',
notarule => true,
}
@ferm::rule { 'dsa-nagios-v6':
description => 'Allow nrpe from nagios master',
domain => 'ip6',
- rule => 'proto tcp mod state state (NEW) dport (5666) @subchain \'nagios\' { saddr (\$HOST_NAGIOS_V6) ACCEPT; }',
+ rule => 'proto tcp mod state state (NEW) dport (5666) @subchain \'nagios\' { saddr ($HOST_NAGIOS_V6) ACCEPT; }',
notarule => true,
}
@ferm::rule { 'dsa-ssh':
description => 'Allow SSH from DSA',
- rule => '&SERVICE_RANGE(tcp, ssh, \$SSH_SOURCES)'
+ rule => '&SERVICE_RANGE(tcp, ssh, $SSH_SOURCES)'
}
@ferm::rule { 'dsa-ssh-v6':
description => 'Allow SSH from DSA',
domain => 'ip6',
- rule => '&SERVICE_RANGE(tcp, ssh, \$SSH_V6_SOURCES)'
+ rule => '&SERVICE_RANGE(tcp, ssh, $SSH_V6_SOURCES)'
}
file { '/etc/ssh/ssh_config':
projects / dsa-puppet.git / commitdiff