Merge branch 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet

* 'master' of ssh://handel.debian.org/srv/puppet.debian.org/git/dsa-puppet:
  nagios is also allowed to check if munin is listening
  typo
  will ferm do the right thing?
  Revert "will ferm do the right thing?"
  will ferm do the right thing?

diff --git a/modules/munin-node/manifests/init.pp b/modules/munin-node/manifests/init.pp
index ac999ef..06d47ce 100644 (file)
--- a/modules/munin-node/manifests/init.pp
+++ b/modules/munin-node/manifests/init.pp
@@ -74,9 +74,14 @@ class munin-node {
         path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
         refreshonly => true,
     }
-    @ferm::rule { "dsa-munin":
+    @ferm::rule { "dsa-munin-v4":
             description     => "Allow munin from munin master",
-            rule            => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN) ACCEPT; }"
+            rule            => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN_V4 \$HOST_NAGIOS_V4) ACCEPT; }"
+    }
+    @ferm::rule { "dsa-munin-v6":
+            description     => "Allow munin from munin master",
+            domain          => "ip6",
+            rule            => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN_V6 \$HOST_NAGIOS_V6) ACCEPT; }"
     }
 }