Use service names instead of port numbers
[mirror/dsa-puppet.git] / modules / ferm / manifests / per-host.pp
index 575b201..f4abeb1 100644 (file)
@@ -132,7 +132,7 @@ class ferm::per-host {
             @ferm::rule { "dsa-krb-kdc":
                 domain          => "(ip ip6)",
                 description  => "kerberos KDC",
-                rule         => "&SERVICE(tcp, 88)"
+                rule         => "&SERVICE(tcp, kerberos)"
             }
         }
     }
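Review bot: The new `rule => "&SERVICE(tcp, kerberos)"` no longer pins the port in the manifest. The name is presumably resolved through each host's services database (`/etc/services`) when the rule set is loaded, so a host with a missing or locally edited entry would either fail to load its firewall rules or open a different port than the one reviewed here. The same applies to `iprop` and `kpasswd` in the second hunk, and `iprop` is the one most likely to be absent from an older services file. I would keep the expected number next to each rule, for example `# kerberos = 88/tcp, resolved from /etc/services at load time`, and confirm that all three names resolve on every host that realises these rules. The enclosing class body starts and ends outside the hunk.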
@@ -141,17 +141,17 @@ class ferm::per-host {
             @ferm::rule { "dsa-krb-ipropd":
                 domain       => "ip",
                 description  => "kerberos ipropd",
-                rule         => "&SERVICE_RANGE(tcp, 2121, 206.12.19.119)",
+                rule         => "&SERVICE_RANGE(tcp, iprop, 206.12.19.119)",
             }
             @ferm::rule { "dsa-krb-ipropd-v6":
                 domain       => 'ip6',
                 description  => "kerberos ipropd (IPv6)",
-                rule         => "&SERVICE_RANGE(tcp, 2121, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
+                rule         => "&SERVICE_RANGE(tcp, iprop, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
             }
             @ferm::rule { "dsa-krb-kpasswdd":
                 domain          => "(ip ip6)",
                 description  => "kerberos KDC",
-                rule         => "&SERVICE(udp, 464)",
+                rule         => "&SERVICE(udp, kpasswd)",
             }
         }
     }
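Review bot: The `dsa-krb-kpasswdd` rule still carries `description  => "kerberos KDC"`, the same text as the `dsa-krb-kdc` rule, so the two rules cannot be told apart by description when auditing the generated rule set. Since this commit makes the rule read `&SERVICE(udp, kpasswd)`, the description should match: `description  => "kerberos kpasswdd",`. Separately, the rule opens only UDP; if password changes over TCP 464 are expected to work here, that looks like a gap, but the hunk does not show whether it is intentional.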