Jgreen has uploaded a new change for review.
https://gerrit.wikimedia.org/r/130596
Change subject: initial stab at firewall rules for iodine
......................................................................
initial stab at firewall rules for iodine
Change-Id: I5c1cf30d194d26f290b180444a6af509c8cc62bb
---
M manifests/role/otrs.pp
1 file changed, 20 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/96/130596/1
diff --git a/manifests/role/otrs.pp b/manifests/role/otrs.pp
index a22efe4..e178dd1 100644
--- a/manifests/role/otrs.pp
+++ b/manifests/role/otrs.pp
@@ -6,10 +6,30 @@
$nagios_group = "${cluster}_${::site}"
+ include base::firewall
include standard-noexim
include webserver::apache
include network::constants
+ ferm::rule { 'ssh-private':
+ rule => 'proto tcp dport 22 { saddr $ALL_NETWORKS ACCEPT; }'
+ }
+ ferm::service { 'smtp-private':
+ proto => 'tcp',
+ rule => 'proto tcp dport 25 { saddr $ALL_NETWORKS ACCEPT; }'
+ }
+ ferm::service { 'http':
+ proto => 'tcp',
+ port => '80',
+ }
+ ferm::service { 'https':
+ proto => 'tcp',
+ port => '443',
+ }
+ ferm::rule { 'bacula_director':
+ rule => "proto tcp dport 9102 { saddr
${role::backup::config::director_ip} ACCEPT; }"
+ }
+
generic::systemuser { 'otrs':
name => 'otrs',
home => '/var/lib/otrs',
--
To view, visit https://gerrit.wikimedia.org/r/130596
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I5c1cf30d194d26f290b180444a6af509c8cc62bb
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Jgreen <jgr...@wikimedia.org>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
