projects
/
mirror
/
dsa-puppet.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Put mirror-master only on klecker and mirror-isc
[mirror/dsa-puppet.git]
/
modules
/
ferm
/
templates
/
interfaces.conf.erb
diff --git
a/modules/ferm/templates/interfaces.conf.erb
b/modules/ferm/templates/interfaces.conf.erb
index
82bdb09
..
496054c
100644
(file)
--- a/
modules/ferm/templates/interfaces.conf.erb
+++ b/
modules/ferm/templates/interfaces.conf.erb
@@
-1,4
+1,17
@@
-def $MUNIN_IPS = (<%= v4ips.split(',').join(' ') %>);
+def $MUNIN_IPS = (<%=
+begin
+ scope.lookupvar('::v4ips').split(',').join(' ')
+rescue
+ ''
+end
+%>);
+def $MUNIN6_IPS = (<%=
+begin
+ scope.lookupvar('::v6ips') == '' ? '' : scope.lookupvar('::v6ips').split(',').join(' ')
+rescue
+ ''
+end
+%>);
domain ip {
chain INPUT {
domain ip {
chain INPUT {
@@
-11,3
+24,15
@@
domain ip {
saddr ($MUNIN_IPS) NOP;
}
}
saddr ($MUNIN_IPS) NOP;
}
}
+
+domain ip6 {
+ chain INPUT {
+ daddr ($MUNIN6_IPS) NOP;
+ }
+}
+
+domain ip6 {
+ chain OUTPUT {
+ saddr ($MUNIN6_IPS) NOP;
+ }
+}