From: Peter Palfrader <peter@palfrader.org>
Date: Sat, 7 Sep 2019 16:20:46 +0000 (+0200)
Subject: ssh restrict dns geo and dns primary hosts
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=f4c1997a59f42eacc5034734c44c97b94325f1ce;p=mirror%2Fdsa-puppet.git

ssh restrict dns geo and dns primary hosts
---

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index a1754e8e5..e1a581738 100644
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -29,7 +29,7 @@ should_restrict = restrict_ssh.include?(@hostname)
 end
 
 
-if restrict_ssh.include?(@hostname) then
+if should_restrict then
 	ssh4allowed << %w{$DSA_IPS    $HOST_NAGIOS_V4 $HOST_MUNIN_V4 $HOST_DB_V4}
 	ssh6allowed << %w{$DSA_V6_IPS $HOST_NAGIOS_V6 $HOST_MUNIN_V6 $HOST_DB_V6}