- case $ferm {
- "true": {
- ferm::rule { "dsa-munin":
- description => "Allow munin-node from spohr.debian.org",
- rule => 'proto tcp dport 4949 saddr $HOST_MUNIN ACCEPT',
- prio => "02"
- }
- }
- }
+ @ferm::rule { "dsa-munin-v4":
+ description => "Allow munin from munin master",
+ rule => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN_V4 \$HOST_NAGIOS_V4) ACCEPT; }"
+ }
+ @ferm::rule { "dsa-munin-v6":
+ description => "Allow munin from munin master",
+ domain => "ip6",
+ rule => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN_V6 \$HOST_NAGIOS_V6) ACCEPT; }"
+ }