From: Stephen Gran Date: Sun, 21 Feb 2010 16:49:32 +0000 (+0000) Subject: will ferm do the right thing? X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=1deca2a97c82229f0109e46c85b48ff4c0bba287;p=mirror%2Fdsa-puppet.git will ferm do the right thing? Signed-off-by: Stephen Gran --- diff --git a/modules/munin-node/manifests/init.pp b/modules/munin-node/manifests/init.pp index ac999ef90..a678a66cf 100644 --- a/modules/munin-node/manifests/init.pp +++ b/modules/munin-node/manifests/init.pp @@ -74,9 +74,14 @@ class munin-node { path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin", refreshonly => true, } - @ferm::rule { "dsa-munin": + @ferm::rule { "dsa-munin-v4" description => "Allow munin from munin master", - rule => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN) ACCEPT; }" + rule => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN_V4) ACCEPT; }" + } + @ferm::rule { "dsa-munin-v4" + description => "Allow munin from munin master", + domain => "ip6", + rule => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN_V6) ACCEPT; }" } }