change to rules by ip

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/roles/manifests/pubsub.pp b/modules/roles/manifests/pubsub.pp
index 2f02be0d329403e57da2d2c08f3f41bc9ce8f533..100850fa2af2b76959cd67835063f16f4b599ddd 100644 (file)
--- a/modules/roles/manifests/pubsub.pp
+++ b/modules/roles/manifests/pubsub.pp
@@ -57,16 +57,23 @@ class roles::pubsub {
        }
 
        if $::hostname == $cc_master {
-               $you = $cc_secondary
+               $you  = '5.153.231.15'
+               $you6 = '2001:41c8:1000:21::21:15'
        } else {
-               $you = $cc_master
+               $you  = '5.153.231.16'
+               $you6 = '2001:41c8:1000:21::21:16'
        }
 
        @ferm::rule { 'rabbitmq_cluster':
-               domain      => '(ip ip6)',
+               domain      => 'ip',
                description => 'rabbitmq cluster connections',
                rule        => "proto tcp mod state state (NEW) saddr (${you}) ACCEPT"
        }
+       @ferm::rule { 'rabbitmq_cluster':
+               domain      => 'ip6',
+               description => 'rabbitmq cluster connections',
+               rule        => "proto tcp mod state state (NEW) saddr (${you6}) ACCEPT"
+       }
        @ferm::rule { 'rabbitmq_mgmt':
                description => 'rabbitmq cluster connections',
                rule        => '&SERVICE_RANGE(tcp, 15672, $DSA_IPS)'