add v6, possibly not brokenly this time

[mirror/dsa-puppet.git] / modules / ferm / templates / me.conf.erb

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index 0ed5c0f..5a13907 100644 (file)
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -4,9 +4,32 @@
 ##
 
 
-@def $SSH_SOURCES = <%
-ssh_allowed = case hostname
-  when 'logtest01' then '0.0.0.0/0'
+@def $SSH_SOURCES = (<%=
+
+sshallowed = []
+
+case hostname
+  when 'logtest01' then sshallowed << [ '$DSA_IPS' ]
+end
+
+if sshallowed.length == 0
+  sshallowed = [ '0.0.0.0' ]
+end
+
+sshallowed.join(' ')
+%>);
+
+@def $SSH_V6_SOURCES = (<%=
+
+sshallowed = []
+
+case hostname
+  when 'logtest01' then sshallowed << [ '$DSA_V6_IPS' ]
 end
-ssh_allowed
-%>
+
+if sshallowed.length == 0
+  sshallowed = [ ':::' ]
+end
+
+sshallowed.join(' ')
+%>);