From: Peter Palfrader <peter@palfrader.org>
Date: Mon, 21 Mar 2011 12:04:09 +0000 (+0100)
Subject: restrict stunnel to debian hosts
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=8c9c82ba3bc988c17f853908ccbccfde21db5dd4;p=mirror%2Fdsa-puppet.git

restrict stunnel to debian hosts
---

diff --git a/modules/stunnel4/manifests/init.pp b/modules/stunnel4/manifests/init.pp
index b26cdbc55..16a5c26d0 100644
--- a/modules/stunnel4/manifests/init.pp
+++ b/modules/stunnel4/manifests/init.pp
@@ -29,9 +29,13 @@ class stunnel4 {
         @ferm::rule {
             "stunnel-${name}":
                 description => "stunnel ${name}",
-                rule => "&TCP_UDP_SERVICE(${accept})",
-                domain => "(ip ip6)",
+                rule => "&SERVICE_RANGE(tcp, ${accept}, \$HOST_DEBIAN_V4)",
                 ;
+            "stunnel-${name}-v6":
+                domain          => 'ip6',
+                description => "stunnel ${name}",
+                rule => "&SERVICE_RANGE(tcp, ${accept}, \$HOST_DEBIAN_V6)",
+            }
         }
     }
     define stunnel_client($accept, $connecthost, $connectport) {