From: Peter Palfrader <peter@palfrader.org>
Date: Thu, 9 Sep 2010 15:46:07 +0000 (+0200)
Subject: Use service names instead of port numbers
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=15cdae0dd4fa8519685f9ce3aa4dc778270b2252;p=mirror%2Fdsa-puppet.git

Use service names instead of port numbers
---

diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 575b2019d..f4abeb198 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -132,7 +132,7 @@ class ferm::per-host {
             @ferm::rule { "dsa-krb-kdc":
                 domain          => "(ip ip6)",
                 description  => "kerberos KDC",
-                rule         => "&SERVICE(tcp, 88)"
+                rule         => "&SERVICE(tcp, kerberos)"
             }
         }
     }
@@ -141,17 +141,17 @@ class ferm::per-host {
             @ferm::rule { "dsa-krb-ipropd":
                 domain       => "ip",
                 description  => "kerberos ipropd",
-                rule         => "&SERVICE_RANGE(tcp, 2121, 206.12.19.119)",
+                rule         => "&SERVICE_RANGE(tcp, iprop, 206.12.19.119)",
             }
             @ferm::rule { "dsa-krb-ipropd-v6":
                 domain       => 'ip6',
                 description  => "kerberos ipropd (IPv6)",
-                rule         => "&SERVICE_RANGE(tcp, 2121, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
+                rule         => "&SERVICE_RANGE(tcp, iprop, 2607:f8f0:610:4000:216:36ff:fe40:380a)",
             }
             @ferm::rule { "dsa-krb-kpasswdd":
                 domain          => "(ip ip6)",
                 description  => "kerberos KDC",
-                rule         => "&SERVICE(udp, 464)",
+                rule         => "&SERVICE(udp, kpasswd)",
             }
         }
     }