Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  slow down some more search spiders
  move all files to explicit new-style module/ paths
  and apache module
  convert exim module to new syntax - why it needs to change, I don't know
  these settings seem to break samhain on wolkenstein - how odd
  ignore bind stuff on geo servers as well
  libdns66 can be ignored as well - pesky sonames
  The geo's no longer have a local geoip set of packages

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 3d4745887e930338df7a952ddcb9be052869fb71..ec082c385b0eb440b6338caee28317ce6dcc2d85 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -208,6 +208,16 @@ class ferm::per-host {
                 rule            => 'proto tcp daddr 193.62.202.28 dport 80 REDIRECT to-ports 6081',
             }
         }
+        stabile: {
+            @ferm::rule { "dsa-snapshot-varnish":
+                rule            => '&SERVICE(tcp, 6081)',
+            }
+            @ferm::rule { "dsa-nat-snapshot-varnish":
+                table           => 'nat',
+                chain           => 'PREROUTING',
+                rule            => 'proto tcp daddr 206.12.19.150 dport 80 REDIRECT to-ports 6081',
+            }
+        }
     }
 }