From: Luca Filipozzi <lfilipoz@emyr.net>
Date: Tue, 17 Apr 2012 23:29:08 +0000 (+0000)
Subject: improve drbd ferm rule
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=dac3e41213e7870450d3e05cae99870765e1f927;hp=c6872f30223f23afe81c6905a061a6a5c38a22f7;p=mirror%2Fdsa-puppet.git

improve drbd ferm rule
---

diff --git a/modules/ganeti2/manifests/init.pp b/modules/ganeti2/manifests/init.pp
index 887d44816..8630c1306 100644
--- a/modules/ganeti2/manifests/init.pp
+++ b/modules/ganeti2/manifests/init.pp
@@ -24,7 +24,7 @@ class ganeti2 {
 
 	@ferm::rule { 'dsa-drbd-v4':
 		description => 'Allow ganeti from ganeti master',
-		rule        => 'proto tcp mod state state (NEW) dport (11000-11999) @subchain \'drbd\' { saddr ($HOST_DRBD_V4) ACCEPT; }',
+		rule        => 'proto tcp mod state state (NEW) dport (11000:11999) @subchain \'drbd\' { saddr ($HOST_DRBD_V4) daddr ($HOST_DRBD_4) ACCEPT; }',
 		notarule    => true,
 	}
 }