Alexandros Kosiaris has uploaded a new change for review.
https://gerrit.wikimedia.org/r/129460
Change subject: Update ncsa/snmp rules to include more LANs
......................................................................
Update ncsa/snmp rules to include more LANs
Change-Id: I142876d78305bb526322be28db8dba03f3f850ec
---
M manifests/misc/icinga.pp
1 file changed, 3 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/60/129460/1
diff --git a/manifests/misc/icinga.pp b/manifests/misc/icinga.pp
index c43d1d3..cfa2ae2 100644
--- a/manifests/misc/icinga.pp
+++ b/manifests/misc/icinga.pp
@@ -638,11 +638,12 @@
class icinga::monitor::firewall {
#ncsa on port 5667
ferm::rule { 'ncsa_allowed':
- rule => 'saddr (127.0.0.1 $PMTPA_PRIVATE_PRIVATE_IPV4
$ESAMS_PRIVATE_PRIVATE1_ESAMS_IPV4 $EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV4
$EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV4 $ULSFO_PRIVATE_PRIVATE1_ULSFO_IPV4
$PMTPA_PRIVATE_VIRT_HOSTS_IPV4 $PMTPA_PUBLIC_PUBLIC_SERVICES_IPV4
$PMTPA_PUBLIC_PUBLIC_SERVICES_2_IPV4 $ESAMS_PUBLIC_PUBLIC_SERVICES_IPV4
$ULSFO_PUBLIC_PUBLIC1_ULSFO_IPV4 208.80.155.0/27 10.64.40.0/24) proto tcp dport
5667 ACCEPT;'
+ rule => 'saddr (127.0.0.1 $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD
$EQIAD_PRIVATE_ANALYTICS1_B_EQIAD $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD
$EQIAD_PRIVATE_ANALYTICS1_D_EQIAD $EQIAD_PRIVATE_LABS_HOSTS1_A_EQIAD
$EQIAD_PRIVATE_LABS_HOSTS1_B_EQIAD $EQIAD_PRIVATE_LABS_HOSTS1_D_EQIAD
$EQIAD_PRIVATE_LABS_SUPPORT1_C_EQIAD $EQIAD_PRIVATE_PRIVATE1_A_EQIAD
$EQIAD_PRIVATE_PRIVATE1_B_EQIAD $EQIAD_PRIVATE_PRIVATE1_C_EQIAD
$EQIAD_PRIVATE_PRIVATE1_D_EQIAD $EQIAD_PUBLIC_PUBLIC1_A_EQIAD
$EQIAD_PUBLIC_PUBLIC1_B_EQIAD $EQIAD_PUBLIC_PUBLIC1_C_EQIAD
$EQIAD_PUBLIC_PUBLIC1_D_EQIAD $ESAMS_PRIVATE_PRIVATE1_ESAMS
$ESAMS_PUBLIC_PUBLIC_SERVICES $PMTPA_PRIVATE_PRIVATE $PMTPA_PRIVATE_VIRT_HOSTS
$PMTPA_PUBLIC_PUBLIC_SERVICES $PMTPA_PUBLIC_PUBLIC_SERVICES_2
$PMTPA_PUBLIC_SANDBOX $PMTPA_PUBLIC_SQUID_LVS $ULSFO_PRIVATE_PRIVATE1_ULSFO
$ULSFO_PUBLIC_PUBLIC1_ULSFO 208.80.155.0/27 10.64.40.0/24) proto tcp dport 5667
ACCEPT;'
}
#snmptrap on port 162
- ferm::rule { 'snmptrap_allowed': rule => 'saddr (127.0.0.1
$PMTPA_PRIVATE_PRIVATE_IPV4 $ESAMS_PRIVATE_PRIVATE1_ESAMS_IPV4
$EQIAD_PRIVATE_PRIVATE1_A_EQIAD_IPV4 $EQIAD_PRIVATE_PRIVATE1_B_EQIAD_IPV4
$ULSFO_PRIVATE_PRIVATE1_ULSFO_IPV4 $PMTPA_PRIVATE_VIRT_HOSTS_IPV4
$PMTPA_PUBLIC_PUBLIC_SERVICES_IPV4 $PMTPA_PUBLIC_PUBLIC_SERVICES_2_IPV4
$ESAMS_PUBLIC_PUBLIC_SERVICES_IPV4 $ULSFO_PUBLIC_PUBLIC1_ULSFO_IPV4
208.80.155.0/27 10.64.40.0/24) proto udp dport 162 ACCEPT;'
+ ferm::rule { 'snmptrap_allowed':
+ rule => 'saddr (127.0.0.1 $EQIAD_PRIVATE_ANALYTICS1_A_EQIAD
$EQIAD_PRIVATE_ANALYTICS1_B_EQIAD $EQIAD_PRIVATE_ANALYTICS1_C_EQIAD
$EQIAD_PRIVATE_ANALYTICS1_D_EQIAD $EQIAD_PRIVATE_LABS_HOSTS1_A_EQIAD
$EQIAD_PRIVATE_LABS_HOSTS1_B_EQIAD $EQIAD_PRIVATE_LABS_HOSTS1_D_EQIAD
$EQIAD_PRIVATE_LABS_SUPPORT1_C_EQIAD $EQIAD_PRIVATE_PRIVATE1_A_EQIAD
$EQIAD_PRIVATE_PRIVATE1_B_EQIAD $EQIAD_PRIVATE_PRIVATE1_C_EQIAD
$EQIAD_PRIVATE_PRIVATE1_D_EQIAD $EQIAD_PUBLIC_PUBLIC1_A_EQIAD
$EQIAD_PUBLIC_PUBLIC1_B_EQIAD $EQIAD_PUBLIC_PUBLIC1_C_EQIAD
$EQIAD_PUBLIC_PUBLIC1_D_EQIAD $ESAMS_PRIVATE_PRIVATE1_ESAMS
$ESAMS_PUBLIC_PUBLIC_SERVICES $PMTPA_PRIVATE_PRIVATE $PMTPA_PRIVATE_VIRT_HOSTS
$PMTPA_PUBLIC_PUBLIC_SERVICES $PMTPA_PUBLIC_PUBLIC_SERVICES_2
$PMTPA_PUBLIC_SANDBOX $PMTPA_PUBLIC_SQUID_LVS $ULSFO_PRIVATE_PRIVATE1_ULSFO
$ULSFO_PUBLIC_PUBLIC1_ULSFO 208.80.155.0/27 10.64.40.0/24) proto udp dport 162
ACCEPT;'
}
}
--
To view, visit https://gerrit.wikimedia.org/r/129460
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I142876d78305bb526322be28db8dba03f3f850ec
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <akosia...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
