ferm initial checkin

author Martin Zobel-Helas <zobel@debian.org>

Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)

committer Martin Zobel-Helas <zobel@debian.org>

Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)
author Martin Zobel-Helas <zobel@debian.org>
Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)
committer Martin Zobel-Helas <zobel@debian.org>
Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)
diff --git a/manifests/site.pp b/manifests/site.pp

index 64b54d2dddfcd019585ee20b9bf074f11bac1e58..4525e5063447298d91d64402b288cbe2e5c6d2df 100644 (file)
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -83,4 +83,7 @@ node default {
      case $hoster {
          "ubcece", "darmstadt", "ftcollins", "grnet":  { include resolv }
      }
+    case $hostname {
+       brahms: { include ferm }
+    }
  }
diff --git a/modules/munin-node/manifests/init.pp b/modules/munin-node/manifests/init.pp

index 29bef07fef85f8b3fae7be4f6dcf80cc72a70ca4..5b61d16783f48db779743bc60aa183994f4dc1cb 100644 (file)
--- a/modules/munin-node/manifests/init.pp
+++ b/modules/munin-node/manifests/init.pp
@@ -75,5 +75,10 @@ class munin-node {
          path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
          refreshonly => true,
      }
+    ferm::rule { "dsa-munin":
+        description     => "Allow munin-node from spohr.debian.org",
+        rule            => "proto tcp dport 4949 saddr $HOST_MUNIN ACCEPT"
+       prio            => "02"
+   }
  }
  
diff --git a/modules/nagios/manifests/init.pp b/modules/nagios/manifests/init.pp

index 13c0dc911bf2a7b4aed742776bfd5941adee7151..f3e3cbcbc67e95db28b764a2500cf2d9672dc339 100644 (file)
--- a/modules/nagios/manifests/init.pp
+++ b/modules/nagios/manifests/init.pp
@@ -2,4 +2,9 @@ class nagios {
         package {
                 nagios-nrpe-server: ensure => installed;
         }
+       ferm::rule { "dsa-nagios":
+               description     => "Allow nrpe from spohr.debian.org",
+               rule            => "proto tcp dport 5666 saddr $HOST_NAGIOS ACCEPT"
+               prio            => "03"
+       }
  }
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp

index 13a7e0ba1c9e109a9c94578210194819e8ecf0a9..b3e32e34c57ec9470c7857131664b4356c8f16e9 100644 (file)
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -37,4 +37,11 @@ class ssh {
              path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
              refreshonly => true,
          }
+        ferm::rule { "dsa-ssh":
+               description     => "Allow SSH",
+               rule            => "proto tcp dport ssh ACCEPT",
+               domain          => "(ip ip6)",
+               prio            => "01"
+        }
+
  }
author	Martin Zobel-Helas <zobel@debian.org>
	Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)
committer	Martin Zobel-Helas <zobel@debian.org>
	Mon, 18 Jan 2010 20:14:16 +0000 (21:14 +0100)
manifests/site.pp		patch \| blob \| history
modules/munin-node/manifests/init.pp		patch \| blob \| history
modules/nagios/manifests/init.pp		patch \| blob \| history
modules/ssh/manifests/init.pp		patch \| blob \| history