- ferm::rule { "dsa-munin":
- description => "Allow munin-node from spohr.debian.org",
- rule => 'proto tcp dport 4949 saddr $HOST_MUNIN ACCEPT',
- prio => "02"
- }
+ @ferm::rule { "dsa-munin":
+ description => "Allow munin from munin master",
+ rule => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN) ACCEPT; }"
+ }