[MediaWiki-commits] [Gerrit] Add frack to icinga ncsa/nrpe firewall - change (operations/puppet)

Thu, 24 Apr 2014 07:56:29 -0700 

Alexandros Kosiaris has submitted this change and it was merged.

Change subject: Add frack to icinga ncsa/nrpe firewall
......................................................................


Add frack to icinga ncsa/nrpe firewall

So that passive checks from frack work

Change-Id: I3e582fadb3cccccee2314f5f7d9a4a7027f6f5ee
---
M manifests/misc/icinga.pp
1 file changed, 2 insertions(+), 3 deletions(-)

Approvals:
  Alexandros Kosiaris: Verified; Looks good to me, approved



diff --git a/manifests/misc/icinga.pp b/manifests/misc/icinga.pp
index 49f966d..3c2c48e 100644
--- a/manifests/misc/icinga.pp
+++ b/manifests/misc/icinga.pp
@@ -638,12 +638,11 @@
 class icinga::monitor::firewall {
     #ncsa on port 5667
     ferm::rule { 'ncsa_allowed':
-        rule => 'saddr (127.0.0.1 $PMTPA_PRIVATE_PRIVATE_IPV4 
$ESAMS_PRIVATE_PRIVATE1_ESAMS_IPV4 $EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV4 
$EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV4 $ULSFO_PRIVATE_PRIVATE1_ULSFO_IPV4 
$PMTPA_PRIVATE_VIRT_HOSTS_IPV4 $PMTPA_PUBLIC_PUBLIC_SERVICES_IPV4 
$PMTPA_PUBLIC_PUBLIC_SERVICES_2_IPV4 $ESAMS_PUBLIC_PUBLIC_SERVICES_IPV4 
$ULSFO_PUBLIC_PUBLIC1_ULSFO_IPV4) proto tcp dport 5667 ACCEPT;'
+        rule => 'saddr (127.0.0.1 $PMTPA_PRIVATE_PRIVATE_IPV4 
$ESAMS_PRIVATE_PRIVATE1_ESAMS_IPV4 $EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV4 
$EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV4 $ULSFO_PRIVATE_PRIVATE1_ULSFO_IPV4 
$PMTPA_PRIVATE_VIRT_HOSTS_IPV4 $PMTPA_PUBLIC_PUBLIC_SERVICES_IPV4 
$PMTPA_PUBLIC_PUBLIC_SERVICES_2_IPV4 $ESAMS_PUBLIC_PUBLIC_SERVICES_IPV4 
$ULSFO_PUBLIC_PUBLIC1_ULSFO_IPV4 10.64.40.0/24) proto tcp dport 5667 ACCEPT;'
     }
 
     #snmptrap on port 162
-    ferm::rule { 'snmptrap_allowed':
-        rule => 'saddr (127.0.0.1 $PMTPA_PRIVATE_PRIVATE_IPV4 
$ESAMS_PRIVATE_PRIVATE1_ESAMS_IPV4 $EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV4 
$EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV4 $ULSFO_PRIVATE_PRIVATE1_ULSFO_IPV4 
$PMTPA_PRIVATE_VIRT_HOSTS_IPV4 $PMTPA_PUBLIC_PUBLIC_SERVICES_IPV4 
$PMTPA_PUBLIC_PUBLIC_SERVICES_2_IPV4 $ESAMS_PUBLIC_PUBLIC_SERVICES_IPV4 
$ULSFO_PUBLIC_PUBLIC1_ULSFO_IPV4) proto udp dport 162 ACCEPT;'
+    ferm::rule { 'snmptrap_allowed': rule => 'saddr (127.0.0.1 
$PMTPA_PRIVATE_PRIVATE_IPV4 $ESAMS_PRIVATE_PRIVATE1_ESAMS_IPV4 
$EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV4 
$ULSFO_PRIVATE_PRIVATE1_ULSFO_IPV4 $PMTPA_PRIVATE_VIRT_HOSTS_IPV4 
$PMTPA_PUBLIC_PUBLIC_SERVICES_IPV4 $PMTPA_PUBLIC_PUBLIC_SERVICES_2_IPV4 
$ESAMS_PUBLIC_PUBLIC_SERVICES_IPV4 $ULSFO_PUBLIC_PUBLIC1_ULSFO_IPV4 
10.64.40.0/24) proto udp dport 162 ACCEPT;'
     }
 }
 

-- 
To view, visit https://gerrit.wikimedia.org/r/129441
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I3e582fadb3cccccee2314f5f7d9a4a7027f6f5ee
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
Gerrit-Reviewer: Alexandros Kosiaris <akosia...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to