add cilea
authorMartin Zobel-Helas <zobel@debian.org>
Thu, 12 Aug 2010 20:02:01 +0000 (22:02 +0200)
committerMartin Zobel-Helas <zobel@debian.org>
Thu, 12 Aug 2010 20:02:01 +0000 (22:02 +0200)
manifests/site.pp
modules/ferm/files/conntrack_sip.conf [new file with mode: 0644]
modules/ferm/manifests/per-host.pp

index fa9bcd14eb2ffc81536c384d85c61525a94bb3af..c43378fdaeb6aeea092b8e0a8ca87f2f5f0b5568 100644 (file)
@@ -87,7 +87,7 @@ node default {
     }
 
     case $hostname {
-        cilea,paganini: {}
+        paganini: {}
         default: {
              case $kernel {
                  Linux: {
diff --git a/modules/ferm/files/conntrack_sip.conf b/modules/ferm/files/conntrack_sip.conf
new file mode 100644 (file)
index 0000000..f93ce2c
--- /dev/null
@@ -0,0 +1,2 @@
+hook pre 'modprobe nf_conntrack_sip || true';
+hook pre 'modprobe nf_conntrack_h323 || true';
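Review bot: The second hook loads `nf_conntrack_h323`, but the only rules this commit adds for cilea in per-host.pp are SIP ones (`&TCP_UDP_SERVICE(5060)` and `&TCP_UDP_SERVICE(5080)`), so nothing visible here needs an H.323 helper. A conntrack helper parses payload from any peer that can reach the port and registers expectations for related connections, so it is kernel attack surface that should be loaded only when a rule depends on it. Either drop the h323 line or state the reason in the file, for example `# nf_conntrack_sip: lets the RTP media negotiated over 5060/5080 match as RELATED`. Both hooks also end in `|| true`, so a module that fails to load is silent and ferm still installs the rule set. If that best-effort behaviour is intended, say so in a comment; otherwise let the failure surface. The SIP rules themselves use domain `(ip ip6)` with no source restriction visible in the hunk, which is worth confirming given that the helper then acts on traffic from any address.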
index d515e37cfac52560c458b8a112104cd5375ca5d8..890de74d7df5f33d23e348a9986d27eb30f7e5c4 100644 (file)
@@ -108,6 +108,24 @@ class ferm::per-host {
                     rule            => "&SERVICE(tcp, 636)"
            }
         }
+       cilea: {
+            file {
+                "/etc/ferm/conf.d/load_sip_conntrack.conf":
+                    source => "puppet:///ferm/conntrack_sip.conf",
+                    require => Package["ferm"],
+                    notify  => Exec["ferm restart"];
+            },
+            @ferm::rule { "dsa-sip":
+                    domain          => "(ip ip6)",
+                    description     => "Allow sip access",
+                    rule            => "&TCP_UDP_SERVICE(5060)"
+            }
+            @ferm::rule { "dsa-sipx":
+                    domain          => "(ip ip6)",
+                    description     => "Allow sipx access",
+                    rule            => "&TCP_UDP_SERVICE(5080)"
+            }
+        }
     }