From c85c6dc77fcfec881d88a6c8f3457044d714c52e Mon Sep 17 00:00:00 2001
From: Luca Filipozzi <lfilipoz@emyr.net>
Date: Wed, 18 Apr 2012 23:50:15 +0000
Subject: [PATCH] add more ferm rules for ganeit

---
 modules/ganeti2/manifests/init.pp | 20 ++++++++++++++++----
 1 file changed, 16 insertions(+), 4 deletions(-)

diff --git a/modules/ganeti2/manifests/init.pp b/modules/ganeti2/manifests/init.pp
index 3605b583..436c0dd4 100644
--- a/modules/ganeti2/manifests/init.pp
+++ b/modules/ganeti2/manifests/init.pp
@@ -16,14 +16,26 @@ class ganeti2 {
 		ensure => installed
 	}
 
-	@ferm::rule { 'dsa-ganeti-v4':
-		description => 'Allow ganeti from ganeti master',
-		rule        => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti\' { saddr ($HOST_GANETI_V4) ACCEPT; }',
+	@ferm::rule { 'dsa-ganeti-noded-v4':
+		description => 'allow ganeti-noded communication between',
+		rule        => 'proto tcp mod state state (NEW) dport (1811) @subchain \'ganeti-noded\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
+		notarule    => true,
+	}
+
+	@ferm::rule { 'dsa-ganeti-confd-v4':
+		description => 'allow ganeti-confd communication',
+		rule        => 'proto udp mod state state (NEW) dport (1814) @subchain \'ganeti-confd\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
+		notarule    => true,
+	}
+
+	@ferm::rule { 'dsa-ganeti-rapi-v4':
+		description => 'allow ganeti-rapi communication',
+		rule        => 'proto tcp mod state state (NEW) dport (5080) @subchain \'ganeti-rapi\' { saddr ($HOST_GANETI_V4) daddr ($HOST_GANETI_V4) ACCEPT; }',
 		notarule    => true,
 	}
 
 	@ferm::rule { 'dsa-drbd-v4':
-		description => 'Allow ganeti from ganeti master',
+		description => 'allow drbd communication',
 		rule        => 'proto tcp mod state state (NEW) dport (11000:11999) @subchain \'drbd\' { saddr ($HOST_DRBD_V4) daddr ($HOST_DRBD_V4) ACCEPT; }',
 		notarule    => true,
 	}
-- 
2.39.2