Allow pg access to bmdb1 from coccia

author Peter Palfrader <peter@palfrader.org>

Sat, 6 Jul 2013 17:46:53 +0000 (19:46 +0200)

committer Peter Palfrader <peter@palfrader.org>

Sat, 6 Jul 2013 17:46:53 +0000 (19:46 +0200)
author Peter Palfrader <peter@palfrader.org>
Sat, 6 Jul 2013 17:46:53 +0000 (19:46 +0200)
committer Peter Palfrader <peter@palfrader.org>
Sat, 6 Jul 2013 17:46:53 +0000 (19:46 +0200)
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp

index 1ca64a5e3bb15c8af4959b5c4832cc54996040b4..998fcbdd198b2481c36a1e683d6533e8f501fa20 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -255,6 +255,17 @@ REJECT reject-with icmp-admin-prohibited
                                 rule            => '&SERVICE_RANGE(tcp, 5433, ( 2001:41c8:1000:21::21:10/128 ))'
                         }
                 }
+               bmdb1: {
+                       @ferm::rule { 'dsa-postgres-dak':
+                               description     => 'Allow postgress access',
+                               rule            => '&SERVICE_RANGE(tcp, 5434, ( 5.153.231.11/32 ))'
+                       }
+                       @ferm::rule { 'dsa-postgres-dak':
+                               domain          => 'ip6',
+                               description     => 'Allow postgress access',
+                               rule            => '&SERVICE_RANGE(tcp, 5434, ( 2001:41c8:1000:21::21:11/128 ))'
+                       }
+               }
                 danzi: {
                         @ferm::rule { 'dsa-postgres-danzi':
                                 description     => 'Allow postgress access',
author	Peter Palfrader <peter@palfrader.org>
	Sat, 6 Jul 2013 17:46:53 +0000 (19:46 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Sat, 6 Jul 2013 17:46:53 +0000 (19:46 +0200)