From 29a4c4d0b38abbd11c7e21235382e460215b172d Mon Sep 17 00:00:00 2001
From: Stephen Gran <steve@lobefin.net>
Date: Sat, 20 Feb 2010 19:48:18 +0000
Subject: [PATCH] maybe this is not wrong

Signed-off-by: Stephen Gran <steve@lobefin.net>
---
 modules/ferm/manifests/init.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index 0d93d3aeb..ebf8fe57d 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -30,7 +30,7 @@ class ferm {
 
         ferm::rule { "dsa-ssh":
                 description     => "Allow SSH from DSA",
-                rule            => "proto tcp dport ssh ACCEPT"
+                rule            => "proto tcp mod state state (NEW) dport (ssh) @subchain "ssh" { saddr ($MY_SSH_ACCEPT_HOSTS) ACCEPT; }
         }
 
         exec { "ferm restart":
-- 
2.20.1