Allow all debian hosts access to the bacula storage

author Tollef Fog Heen <tfheen@err.no>

Sat, 16 Jun 2012 15:08:17 +0000 (17:08 +0200)

committer Tollef Fog Heen <tfheen@err.no>

Sat, 16 Jun 2012 15:08:17 +0000 (17:08 +0200)
author Tollef Fog Heen <tfheen@err.no>
Sat, 16 Jun 2012 15:08:17 +0000 (17:08 +0200)
committer Tollef Fog Heen <tfheen@err.no>
Sat, 16 Jun 2012 15:08:17 +0000 (17:08 +0200)
diff --git a/modules/bacula/manifests/storage.pp b/modules/bacula/manifests/storage.pp

index 5ed32b90a060ba4924bda08a92ee699753b792dc..d4f67d01509adcbd7f11b08f15d111d70bc96ed2 100644 (file)
--- a/modules/bacula/manifests/storage.pp
+++ b/modules/bacula/manifests/storage.pp
@@ -25,4 +25,17 @@ class bacula::storage inherits bacula {
        path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
        refreshonly => true;
    }
+
+  @ferm::rule { 'dsa-bacula-sd-v4':
+    domain      => '(ip)',
+    description => 'Allow bacula-sd access from director and clients',
+
+    rule            => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN_V4) ACCEPT; }',
+  }
+  @ferm::rule { 'dsa-bacula-sd-v6':
+    domain      => '(ip6)',
+    description => 'Allow bacula-sd access from director and clients',
+
+    rule            => 'proto tcp mod state state (NEW) dport (bacula-sd) @subchain \'bacula-sd\' { saddr ($HOST_DEBIAN_V6) ACCEPT; }',
+
  }
author	Tollef Fog Heen <tfheen@err.no>
	Sat, 16 Jun 2012 15:08:17 +0000 (17:08 +0200)
committer	Tollef Fog Heen <tfheen@err.no>
	Sat, 16 Jun 2012 15:08:17 +0000 (17:08 +0200)