From: Peter Palfrader
Date: Tue, 6 Mar 2018 12:30:48 +0000 (+0100)
Subject: start ferm config with a 00-init and start SSH*SOURCES there
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=2da9347e3403929ef8fa36f76cce777d9701c082;p=mirror%2Fdsa-puppet.git
start ferm config with a 00-init and start SSH*SOURCES there
---
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index 23dfc2a79..06bafa9c6 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -80,6 +80,10 @@ class ferm {
 content => template('ferm/ferm.conf.erb'),
 notify => Service['ferm'],
 }
+ file { '/etc/ferm/conf.d/00-init.conf':
+ content => template('ferm/00-init.conf.erb'),
+ notify => Service['ferm'],
+ }
 file { '/etc/ferm/conf.d/me.conf':
 content => template('ferm/me.conf.erb'),
 notify => Service['ferm'],
diff --git a/modules/ferm/templates/00-init.conf.erb b/modules/ferm/templates/00-init.conf.erb
new file mode 100644
index 000000000..2c3bb1059
--- /dev/null
+++ b/modules/ferm/templates/00-init.conf.erb
@@ -0,0 +1,2 @@
+@def $SSH_SOURCES = ();
+@def $SSH_V6_SOURCES = ();
diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index c392a270b..87b7d0037 100644
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -94,8 +94,8 @@ end
 ssh4allowed.length == 0 and ssh4allowed << '0.0.0.0/0'
 ssh6allowed.length == 0 and ssh6allowed << '::/0'
-out << "@def $SSH_SOURCES = (#{ssh4allowed.join(' ')});"
-out << "@def $SSH_V6_SOURCES = (#{ssh6allowed.join(' ')});"
+out << "@def $SSH_SOURCES = ( $SSH_SOURCES #{ssh4allowed.join(' ')});"
+out << "@def $SSH_V6_SOURCES = ( $SSH_V6_SOURCES #{ssh6allowed.join(' ')});"
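Review bot: The new `file { '/etc/ferm/conf.d/00-init.conf': }` resource in modules/ferm/manifests/init.pp carries an ordering requirement that the manifest does not state: me.conf now expands `$SSH_SOURCES` inside its own `@def`, so 00-init.conf has to be read before it, which presumably relies on conf.d being included in lexical order. A comment above the resource would keep a later rename from breaking that, for example `# must sort first in conf.d: defines the variables that later snippets append to`. The body of class ferm starts and ends outside the hunk.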
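Review bot: The two `@def` lines in modules/ferm/templates/00-init.conf.erb make `$SSH_SOURCES` and `$SSH_V6_SOURCES` accumulators, but the file carries no comment saying so; a later snippet that redefines either variable without repeating it discards earlier entries, and every snippet that appends widens SSH access. A header such as `# SSH source lists start empty here; conf.d snippets must append, never overwrite` would state the contract. Related, in the visible part of the me.conf.erb hunk the `0.0.0.0/0` and `::/0` fallbacks are decided from that template's own lists, so they would still be appended after an earlier snippet has contributed specific sources; no such snippet is shown in this commit, so it is worth confirming that an open fallback is still intended once the lists are shared.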