From 39000c958bd85d70d2d1b1055f8f770cabed1d90 Mon Sep 17 00:00:00 2001
From: Stephen Gran
Date: Sun, 21 Feb 2010 00:03:54 +0000
Subject: [PATCH] shorten up the typing
Signed-off-by: Stephen Gran
---
 modules/apache2/manifests/init.pp | 2 +-
 modules/exim/manifests/init.pp | 2 +-
 modules/ferm/files/defs.conf | 19 ++++++-------------
 modules/named/manifests/init.pp | 2 +-
 modules/ntp/manifests/init.pp | 2 +-
 5 files changed, 10 insertions(+), 17 deletions(-)
diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index cd2a4e40a..6235ed3a2 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -132,6 +132,6 @@ class apache2 {
 @ferm::rule { "dsa-apache":
 domain => "(ip ip6)",
 description => "Allow web access",
- rule => "proto tcp mod state state (NEW) dport (80) ACCEPT"
+ rule => "&SERVICE(tcp, 80)"
 }
 }
diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp
index 858527909..6856da2c8 100644
--- a/modules/exim/manifests/init.pp
+++ b/modules/exim/manifests/init.pp
@@ -159,6 +159,6 @@ class exim {
 @ferm::rule { "dsa-exim":
 domain => "(ip ip6)",
 description => "Allow smtp access",
- rule => "proto tcp mod state state (NEW) dport (25) ACCEPT"
+ rule => "&SERVICE(tcp, 25)"
 }
 }
diff --git a/modules/ferm/files/defs.conf b/modules/ferm/files/defs.conf
index 0359fa921..b78b9abf9 100644
--- a/modules/ferm/files/defs.conf
+++ b/modules/ferm/files/defs.conf
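Review bot: In `modules/apache2/manifests/init.pp` the `dsa-apache` rule becomes `"&SERVICE(tcp, 80)"`, so what the manifest opens is no longer readable at the call site, and the rule only parses if `modules/ferm/files/defs.conf` is loaded before the generated rule. Nothing in the hunk shows that ordering, and the `ferm::rule` definition is not on this page. The `mod state state (NEW)` match that used to be visible here now lives only in the macro, so a later edit to `&SERVICE` changes every caller without touching this file. I would add a comment above the resource, `# &SERVICE is defined in modules/ferm/files/defs.conf (proto/dport ACCEPT, state NEW)`, and do the same for `dsa-exim`, `dsa-bind` and `dsa-ntp` in the other manifest hunks. The class bodies start outside the hunks.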
@@ -4,23 +4,16 @@
 ##
 @def &SERVICE($proto, $port) = {
- domain (ip ip6) chain INPUT proto $proto dport $port ACCEPT;
+ proto $proto mod state state (NEW) dport $port ACCEPT;
 }
-@def &V4_SERVICE($proto, $port) = {
- domain ip chain INPUT proto $proto dport $port ACCEPT;
+@def &SERVICE_RANGE($proto, $port, $srange) = {
+ proto $proto mod state state (NEW) dport $port saddr ($srange) ACCEPT;
 }
-@def &V6_SERVICE($proto, $port) = {
- domain ip6 chain INPUT proto $proto dport $port ACCEPT;
-}
-
-@def &V4_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip chain INPUT proto $proto dport $port saddr $srange ACCEPT;
-}
-
-@def &V6_SERVICE_RANGE($proto, $port, $srange) = {
- domain ip6 chain INPUT proto $proto dport $port saddr $srange ACCEPT;
+@def &TCP_UDP_SERVICE($port) = {
+ proto tcp mod state state (NEW) dport $port ACCEPT;
+ proto udp mod state state (NEW) dport $port ACCEPT;
 }
 @def $HOST_MUNIN = (192.25.206.57 192.25.206.33);
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 65d4cc5f1..719c0e7b4 100644
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -28,7 +28,7 @@ class named {
 @ferm::rule { "dsa-bind":
 domain => "(ip ip6)",
 description => "Allow nameserver access",
- rule => "proto (udp tcp) mod state state (NEW) dport (53) ACCEPT"
+ rule => "&TCP_UDP_SERVICE(53)"
 }
 }
diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp
index ace2f8f8d..af086f684 100644
--- a/modules/ntp/manifests/init.pp
+++ b/modules/ntp/manifests/init.pp
@@ -28,6 +28,6 @@ class ntp {
 @ferm::rule { "dsa-ntp":
 domain => "(ip ip6)",
 description => "Allow ntp access",
- rule => "proto udp mod state state (NEW) dport (123) ACCEPT"
+ rule => "&SERVICE(udp, 123)"
 }
 }
-- 
2.20.1
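Review bot: `&SERVICE_RANGE` replaces the separate `&V4_SERVICE_RANGE`/`&V6_SERVICE_RANGE` helpers, so the address family of `$srange` is no longer tied to a `domain`; a caller wrapping it in `domain => "(ip ip6)"`, as every rule in this commit does, would presumably hand an IPv4-only range to the IPv6 ruleset as well. The macros also dropped `domain ... chain INPUT`, so they are only correct when the caller supplies both. Neither constraint is documented; I would add above the definitions `# call only inside a domain/chain block; for &SERVICE_RANGE the domain must match the address family of $srange`. The four `V4_`/`V6_` names are removed outright, and any caller not touched by this commit (none is visible here) would leave ferm with an undefined function, so a parse-only run (`ferm --noexec`) over the generated config before reload is worth having.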