summary |
shortlog |
log |
commit | commitdiff |
tree
raw |
patch |
inline | side by side (from parent 1:
f906c34)
Signed-off-by: Stephen Gran <steve@lobefin.net>
}
@ferm::rule { "dsa-exim":
description => "Allow SMTP",
}
@ferm::rule { "dsa-exim":
description => "Allow SMTP",
- rule => "&SERVICE_RANGE(tcp, smtp, \$SSH_SOURCES)"
+ rule => "&SERVICE_RANGE(tcp, smtp, \$SMTP_SOURCES)"
}
@ferm::rule { "dsa-exim-v6":
description => "Allow SMTP",
domain => "ip6",
}
@ferm::rule { "dsa-exim-v6":
description => "Allow SMTP",
domain => "ip6",
- rule => "&SERVICE_RANGE(tcp, smtp, \$SSH_SOURCES)"
+ rule => "&SERVICE_RANGE(tcp, smtp, \$SMTP_V6_SOURCES)"
}
# Do we actually want this? I'm only doing it because it's harmless
# and makes the logs quiet. There are better ways of making logs quiet,
}
# Do we actually want this? I'm only doing it because it's harmless
# and makes the logs quiet. There are better ways of making logs quiet,
}
@def &SERVICE_RANGE($proto, $port, $srange) = {
}
@def &SERVICE_RANGE($proto, $port, $srange) = {
- proto $proto mod state state (NEW) dport $port @subchain $port { saddr ($srange) ACCEPT; }"
+ proto $proto mod state state (NEW) dport $port @subchain '$port' { saddr ($srange) ACCEPT; }"
}
@def &TCP_UDP_SERVICE($port) = {
}
@def &TCP_UDP_SERVICE($port) = {