From: Stephen Gran <steve@lobefin.net>
Date: Sat, 6 Mar 2010 12:17:52 +0000 (+0000)
Subject: another try
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=7f4fae080cd03a18dbb7998161f0893626cbad85;p=mirror%2Fdsa-puppet.git

another try

Signed-off-by: Stephen Gran <steve@lobefin.net>
---

diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp
index 61ab93cec..956cdc099 100644
--- a/modules/exim/manifests/init.pp
+++ b/modules/exim/manifests/init.pp
@@ -158,12 +158,12 @@ class exim {
     }
     @ferm::rule { "dsa-exim":
             description     => "Allow SMTP",
-            rule            => "&SERVICE_RANGE(tcp, smtp, \$SSH_SOURCES)"
+            rule            => "&SERVICE_RANGE(tcp, smtp, \$SMTP_SOURCES)"
     }
     @ferm::rule { "dsa-exim-v6":
             description     => "Allow SMTP",
             domain          => "ip6",
-            rule            => "&SERVICE_RANGE(tcp, smtp, \$SSH_SOURCES)"
+            rule            => "&SERVICE_RANGE(tcp, smtp, \$SMTP_V6_SOURCES)"
     }
     # Do we actually want this?  I'm only doing it because it's harmless
     # and makes the logs quiet.  There are better ways of making logs quiet,
diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb
index e4b72b32a..101e0119b 100644
--- a/modules/ferm/templates/defs.conf.erb
+++ b/modules/ferm/templates/defs.conf.erb
@@ -8,7 +8,7 @@
 }
 
 @def &SERVICE_RANGE($proto, $port, $srange) = {
- proto $proto mod state state (NEW) dport $port @subchain $port { saddr ($srange) ACCEPT; }"
+ proto $proto mod state state (NEW) dport $port @subchain '$port' { saddr ($srange) ACCEPT; }"
 }
 
 @def &TCP_UDP_SERVICE($port) = {