this should make whitelist, greylist and callout work as expected for virtual domains

[mirror/dsa-puppet.git] / modules / ntp / manifests / init.pp

diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp
index a499bb6..dfc1517 100644 (file)
--- a/modules/ntp/manifests/init.pp
+++ b/modules/ntp/manifests/init.pp
@@ -25,9 +25,12 @@ class ntp {
                path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
                refreshonly => true,
        }
-        ferm::rule { "dsa-ntp":
-                domain          => (ip ip6),
+        @ferm::rule { "dsa-ntp":
+                domain          => "(ip ip6)",
                 description     => "Allow ntp access",
-                rule            => "proto udp mod state state (NEW) dport (123) ACCEPT"
+                rule            => "&SERVICE(udp, 123)"
         }
 }
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4: