From: Stephen Gran <steve@lobefin.net>
Date: Mon, 21 Jan 2013 11:52:33 +0000 (+0000)
Subject: make TCP_UDP_SERVICE not be stateful
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=ee2c3a95c7c4accc34846a4f33097535f2b9f4b0;p=mirror%2Fdsa-puppet.git

make TCP_UDP_SERVICE not be stateful

Signed-off-by: Stephen Gran <steve@lobefin.net>
---

diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb
index 5251421fd..366fbf05f 100644
--- a/modules/ferm/templates/defs.conf.erb
+++ b/modules/ferm/templates/defs.conf.erb
@@ -16,7 +16,7 @@
 }
 
 @def &TCP_UDP_SERVICE_RANGE($port, $srange) = {
- proto (tcp udp) mod state state (NEW) dport $port @subchain "$port" { saddr ($srange) ACCEPT; }"
+ proto (tcp udp) dport $port @subchain "$port" { saddr ($srange) ACCEPT; }"
 }
 
 @def $HOST_MAILRELAY_V4 = (<%=