X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Finit.pp;h=a8798c82a49654ebf0e68c78d4f61a79f2588f25;hb=1cff95615ab0baf6f5e8f6db3a5611ab0a232256;hp=d97e1816a16fb4c376897dc90824d355fe598e8c;hpb=a2bea19ddf88b6abe62fe70650751c238826b028;p=mirror%2Fdsa-puppet.git
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index d97e1816a..a8798c82a 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -1,5 +1,5 @@
 class ferm {
- define ferm_rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
+ define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
 file { "/etc/ferm/dsa.d/${prio}_${name}":
 ensure => present,
 owner => root,
@@ -15,12 +15,21 @@ class ferm {
 "/etc/ferm/dsa.d":
 ensure => directory,
 require => Package["ferm"];
- "/etc/ferm/dsa.d/me.conf":
+ "/etc/ferm/conf.d":
+ ensure => directory,
+ require => Package["ferm"];
+ "/etc/ferm/conf.d/me.conf":
 content => template("ferm/me.conf.erb"),
 require => Package["ferm"],
 notify => Exec["ferm restart"];
 }
+ ferm::rule { "dsa-ssh":
+ description => "Allow SSH from DSA",
+ rule => "proto tcp dport ssh ACCEPT"
+ }
+
+ ferm_rule(
 exec { "ferm restart":
 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
 refreshonly => true,
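Review bot: The new `ferm::rule { "dsa-ssh": }` is described as "Allow SSH from DSA", but its rule text `proto tcp dport ssh ACCEPT` carries no source match, so unless something outside this hunk narrows it, it accepts SSH from any address on the define's default `INPUT` chain. If the restriction is intended, add a `saddr` match such as `rule => "proto tcp dport ssh saddr (<DSA_SOURCE_ADDRESSES>) ACCEPT"` (placeholder; the real address list is not on this page); otherwise correct the description so the generated rule file does not claim a restriction that is not enforced. Separately, the added line `ferm_rule(` just before `exec { "ferm restart":` opens a parenthesis that nothing visible closes and looks like a leftover from the rename, so it should be dropped or the manifest will most likely fail to parse. The hunk also moves `me.conf` to `/etc/ferm/conf.d` without an `ensure => absent` for the old `/etc/ferm/dsa.d/me.conf`, so a stale copy may stay on hosts that were already configured. Class `ferm` and the `exec` resource both continue past the end of the hunk.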