Allow traffic from bacula-director to fd

author Tollef Fog Heen <tfheen@err.no>

Sat, 16 Jun 2012 11:01:16 +0000 (13:01 +0200)

committer Tollef Fog Heen <tfheen@err.no>

Sat, 16 Jun 2012 11:01:16 +0000 (13:01 +0200)
author Tollef Fog Heen <tfheen@err.no>
Sat, 16 Jun 2012 11:01:16 +0000 (13:01 +0200)
committer Tollef Fog Heen <tfheen@err.no>
Sat, 16 Jun 2012 11:01:16 +0000 (13:01 +0200)
diff --git a/modules/bacula/manifests/client.pp b/modules/bacula/manifests/client.pp

index 4ab2b5930e1c7ee5cf060105a26c35e9edac219a..4cbe24c8cb6893e3733e21273ff911c6b5beb042 100644 (file)
--- a/modules/bacula/manifests/client.pp
+++ b/modules/bacula/manifests/client.pp
@@ -29,4 +29,10 @@ class bacula::client inherits bacula {
        path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
        refreshonly => true;
    }
+
+  @ferm::rule { 'dsa-bacula-fd':
+    domain      => '(ip ip6)',
+    description => 'Allow bacula access from storage and director',
+    rule        => 'proto tcp mod state state (NEW) dport (bacula-fd) @subchain \'bacula\' { saddr ($bacula_director_address) ACCEPT; }',
+  }
  }
author	Tollef Fog Heen <tfheen@err.no>
	Sat, 16 Jun 2012 11:01:16 +0000 (13:01 +0200)
committer	Tollef Fog Heen <tfheen@err.no>
	Sat, 16 Jun 2012 11:01:16 +0000 (13:01 +0200)