retire manual firewalling on bmdb1 for dak replica access

[mirror/dsa-puppet.git] / modules / ferm / manifests / ftp_conntrack.pp

diff --git a/modules/ferm/manifests/ftp_conntrack.pp b/modules/ferm/manifests/ftp_conntrack.pp
index 868110b..ce84e98 100644 (file)
--- a/modules/ferm/manifests/ftp_conntrack.pp
+++ b/modules/ferm/manifests/ftp_conntrack.pp
@@ -1,20 +1,19 @@
 class ferm::ftp_conntrack {
+  # Allow non-passive connections to an FTP server
+  ferm::rule { 'dsa-ftp-conntrack-client':
+    domain      => '(ip ip6)',
+    description => 'ftp client connection tracking',
+    table       => 'raw',
+    chain       => 'OUTPUT',
+    rule        => 'proto tcp dport 21 CT helper ftp'
+  }
 
-       # Allow non-passive connections to an FTP server
-       @ferm::rule { 'dsa-ftp-conntrack-client':
-               domain      => '(ip ip6)',
-               description => 'ftp client connection tracking',
-               table       => 'raw',
-               chain       => 'OUTPUT',
-               rule        => 'proto tcp dport 21 CT helper ftp'
-       }
-
-       # Allow passive connections from an FTP client
-       @ferm::rule { 'dsa-ftp-conntrack-server':
-               domain      => '(ip ip6)',
-               description => 'ftp server connection tracking',
-               table       => 'raw',
-               chain       => 'PREROUTING',
-               rule        => 'proto tcp dport 21 CT helper ftp'
-       }
+  # Allow passive connections from an FTP client
+  ferm::rule { 'dsa-ftp-conntrack-server':
+    domain      => '(ip ip6)',
+    description => 'ftp server connection tracking',
+    table       => 'raw',
+    chain       => 'PREROUTING',
+    rule        => 'proto tcp dport 21 CT helper ftp'
+  }
 }