From 6b6ccf4c56793981a29a8b1865716b27c09ff9b4 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Tue, 30 Oct 2018 10:20:32 +0100
Subject: [PATCH] move munin rules from conf.d to the rules dir
---
 modules/ferm/manifests/init.pp | 16 ++++++++++++++++
 .../templates/conf.d-munin-interfaces.conf.erb | 3 ---
 2 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index a912a281f..340292b80 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -82,10 +82,26 @@ class ferm {
 content => template('ferm/defs.conf.erb'),
 notify => Service['ferm'],
 }
+
 file { '/etc/ferm/conf.d/50-munin-interfaces.conf':
 content => template('ferm/conf.d-munin-interfaces.conf.erb'),
 notify => Service['ferm'],
 }
+ @ferm::rule { 'dsa-munin-interfaces-in':
+ prio => '001',
+ description => 'munin accounting',
+ chain => 'INPUT',
+ domain => '(ip ip6)',
+ rule => 'daddr ($MUNIN_IPS) NOP;'
+ }
+ @ferm::rule { 'dsa-munin-interfaces-out':
+ prio => '001',
+ description => 'munin accounting',
+ chain => 'OUTPUT',
+ domain => '(ip ip6)',
+ rule => 'saddr ($MUNIN_IPS) NOP;'
+ }
+
 augeas { 'logrotate_ulogd2':
 context => '/files/etc/logrotate.d/ulogd2',
 changes => [
diff --git a/modules/ferm/templates/conf.d-munin-interfaces.conf.erb b/modules/ferm/templates/conf.d-munin-interfaces.conf.erb
index f01705098..3296e54f8 100644
--- a/modules/ferm/templates/conf.d-munin-interfaces.conf.erb
+++ b/modules/ferm/templates/conf.d-munin-interfaces.conf.erb
@@ -12,6 +12,3 @@ rescue '' end %>);
-
-domain (ip ip6) { chain INPUT { daddr ($MUNIN_IPS) NOP; } }
-domain (ip ip6) { chain OUTPUT { saddr ($MUNIN_IPS) NOP; } }
-- 
2.20.1
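Review bot: Both new `@ferm::rule` resources in the init.pp hunk reference `$MUNIN_IPS`, which neither hunk defines; it is presumably still set by the `conf.d/50-munin-interfaces.conf` template that the `file` resource above keeps, so the generated rule files would only parse if ferm reads conf.d before the rules directory. That include order is not visible here and is worth confirming, since a ruleset that fails to parse would presumably not be loaded. A comment above the first rule such as `# $MUNIN_IPS is defined in conf.d/50-munin-interfaces.conf, which must be read before the rules dir` would record the dependency. The resources are also declared virtual (`@`), so they take effect only where something collects them, and any collector lies outside this hunk, as does the rest of `class ferm`. As a style point, the last attribute of each rule lacks the trailing comma used elsewhere in the hunk: `rule => 'daddr ($MUNIN_IPS) NOP;',`.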