From: Stephen Gran Date: Thu, 5 Apr 2012 11:56:08 +0000 (+0100) Subject: exuberant quoting X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=215ea6ef7a868fe83c46a02fa84a06e3e2631ed6;p=mirror%2Fdsa-puppet.git exuberant quoting Signed-off-by: Stephen Gran --- diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp index 38a77a8eb..4a213f9aa 100644 --- a/modules/exim/manifests/init.pp +++ b/modules/exim/manifests/init.pp @@ -127,13 +127,13 @@ class exim { @ferm::rule { 'dsa-exim': description => 'Allow SMTP', - rule => '&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)' + rule => '&SERVICE_RANGE(tcp, $mail_port, $SMTP_SOURCES)' } @ferm::rule { 'dsa-exim-v6': description => 'Allow SMTP', domain => 'ip6', - rule => '&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)' + rule => '&SERVICE_RANGE(tcp, $mail_port, $SMTP_V6_SOURCES)' } # Do we actually want this? I'm only doing it because it's harmless diff --git a/modules/exim/manifests/mx.pp b/modules/exim/manifests/mx.pp index c1b4fdbca..70a370294 100644 --- a/modules/exim/manifests/mx.pp +++ b/modules/exim/manifests/mx.pp @@ -15,12 +15,12 @@ class exim::mx inherits exim { @ferm::rule { 'dsa-exim-submission': description => 'Allow SMTP', - rule => '&SERVICE_RANGE(tcp, submission, \$SMTP_SOURCES)' + rule => '&SERVICE_RANGE(tcp, submission, $SMTP_SOURCES)' } @ferm::rule { 'dsa-exim-v6-submission': description => 'Allow SMTP', domain => 'ip6', - rule => '&SERVICE_RANGE(tcp, submission, \$SMTP_V6_SOURCES)', + rule => '&SERVICE_RANGE(tcp, submission, $SMTP_V6_SOURCES)', } } diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp index 83e289470..1532f9f38 100644 --- a/modules/ferm/manifests/per-host.pp +++ b/modules/ferm/manifests/per-host.pp @@ -47,12 +47,12 @@ class ferm::per-host { handel: { @ferm::rule { 'dsa-puppet': description => 'Allow puppet access', - rule => '&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V4)' + rule => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V4)' } @ferm::rule { 'dsa-puppet-v6': domain => 'ip6', description => 'Allow puppet access', - rule => '&SERVICE_RANGE(tcp, 8140, \$HOST_DEBIAN_V6)' + rule => '&SERVICE_RANGE(tcp, 8140, $HOST_DEBIAN_V6)' } } powell: { @@ -69,12 +69,12 @@ class ferm::per-host { heininen,lotti: { @ferm::rule { 'dsa-syslog': description => 'Allow syslog access', - rule => '&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V4)' + rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V4)' } @ferm::rule { 'dsa-syslog-v6': domain => 'ip6', description => 'Allow syslog access', - rule => '&SERVICE_RANGE(tcp, 5140, \$HOST_DEBIAN_V6)' + rule => '&SERVICE_RANGE(tcp, 5140, $HOST_DEBIAN_V6)' } } kaufmann: { diff --git a/modules/ferm/manifests/zivit.pp b/modules/ferm/manifests/zivit.pp index b513a3b17..42ae45964 100644 --- a/modules/ferm/manifests/zivit.pp +++ b/modules/ferm/manifests/zivit.pp @@ -9,7 +9,7 @@ class ferm::zivit { } @ferm::rule { 'dsa-time': description => 'Allow time access', - rule => '&SERVICE_RANGE(tcp, time, \$HOST_NAGIOS_V4)' + rule => '&SERVICE_RANGE(tcp, time, $HOST_NAGIOS_V4)' } } diff --git a/modules/munin/manifests/init.pp b/modules/munin/manifests/init.pp index b45d6646c..ee50bd0a3 100644 --- a/modules/munin/manifests/init.pp +++ b/modules/munin/manifests/init.pp @@ -30,14 +30,14 @@ class munin { @ferm::rule { 'dsa-munin-v4': description => 'Allow munin from munin master', - rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr (\$HOST_MUNIN_V4 \$HOST_NAGIOS_V4) ACCEPT; }', + rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V4 $HOST_NAGIOS_V4) ACCEPT; }', notarule => true, } @ferm::rule { 'dsa-munin-v6': description => 'Allow munin from munin master', domain => 'ip6', - rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr (\$HOST_MUNIN_V6 \$HOST_NAGIOS_V6) ACCEPT; }', + rule => 'proto tcp mod state state (NEW) dport (munin) @subchain \'munin\' { saddr ($HOST_MUNIN_V6 $HOST_NAGIOS_V6) ACCEPT; }', notarule => true, } } diff --git a/modules/nagios/manifests/client.pp b/modules/nagios/manifests/client.pp index 97681295c..a2482290d 100644 --- a/modules/nagios/manifests/client.pp +++ b/modules/nagios/manifests/client.pp @@ -15,13 +15,13 @@ class nagios::client inherits nagios { @ferm::rule { 'dsa-nagios-v4': description => 'Allow nrpe from nagios master', - rule => 'proto tcp mod state state (NEW) dport (5666) @subchain \'nagios\' { saddr (\$HOST_NAGIOS_V4) ACCEPT; }', + rule => 'proto tcp mod state state (NEW) dport (5666) @subchain \'nagios\' { saddr ($HOST_NAGIOS_V4) ACCEPT; }', notarule => true, } @ferm::rule { 'dsa-nagios-v6': description => 'Allow nrpe from nagios master', domain => 'ip6', - rule => 'proto tcp mod state state (NEW) dport (5666) @subchain \'nagios\' { saddr (\$HOST_NAGIOS_V6) ACCEPT; }', + rule => 'proto tcp mod state state (NEW) dport (5666) @subchain \'nagios\' { saddr ($HOST_NAGIOS_V6) ACCEPT; }', notarule => true, } diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp index b7df18102..f4e24c227 100644 --- a/modules/ssh/manifests/init.pp +++ b/modules/ssh/manifests/init.pp @@ -10,12 +10,12 @@ class ssh { @ferm::rule { 'dsa-ssh': description => 'Allow SSH from DSA', - rule => '&SERVICE_RANGE(tcp, ssh, \$SSH_SOURCES)' + rule => '&SERVICE_RANGE(tcp, ssh, $SSH_SOURCES)' } @ferm::rule { 'dsa-ssh-v6': description => 'Allow SSH from DSA', domain => 'ip6', - rule => '&SERVICE_RANGE(tcp, ssh, \$SSH_V6_SOURCES)' + rule => '&SERVICE_RANGE(tcp, ssh, $SSH_V6_SOURCES)' } file { '/etc/ssh/ssh_config':