From 446a74676ae69d25525215b8f57158d71e5a47f6 Mon Sep 17 00:00:00 2001
From: Stephen Gran
Date: Sat, 20 Feb 2010 22:11:43 +0000
Subject: [PATCH] add v4 and v6 any rules

Signed-off-by: Stephen Gran
---
 modules/apache2/manifests/init.pp | 1 +
 modules/exim/manifests/init.pp | 1 +
 modules/munin-node/manifests/init.pp | 9 +++++----
 modules/nagios/manifests/client.pp | 1 +
 modules/named/manifests/init.pp | 1 +
 modules/ntp/manifests/init.pp | 1 +
 6 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index 9975b5460..03f29bd17 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -130,6 +130,7 @@ class apache2 {
 refreshonly => true,
 }
 ferm::rule { "dsa-apache":
+ domain => (ip ip6),
 description => "Allow web access",
 rule => "proto tcp mod state state (NEW) dport (80) ACCEPT"
 }
diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp
index f488918a3..4acee3b69 100644
--- a/modules/exim/manifests/init.pp
+++ b/modules/exim/manifests/init.pp
@@ -157,6 +157,7 @@ class exim {
 refreshonly => true,
 }
 ferm::rule { "dsa-exim":
+ domain => (ip ip6),
 description => "Allow smtp access",
 rule => "proto tcp mod state state (NEW) dport (25) ACCEPT"
 }
diff --git a/modules/munin-node/manifests/init.pp b/modules/munin-node/manifests/init.pp
index 6dc8b07ea..c8727dde2 100644
--- a/modules/munin-node/manifests/init.pp
+++ b/modules/munin-node/manifests/init.pp
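Review bot: The added `domain => (ip ip6),` in the dsa-apache rule (modules/apache2/manifests/init.pp) passes an unquoted, parenthesised pair of barewords, which the Puppet parser is unlikely to accept as a parameter value. ferm's list syntax has to reach the rule template as a string, so the line should probably read `domain => "(ip ip6)",`. The same line is added unquoted in the dsa-exim, dsa-munin, dsa-nagios, dsa-bind and dsa-ntp hunks. The `ferm::rule` define is not part of this patch, so confirm how it interpolates `domain` before settling on the quoting, and check that a compile failure here cannot leave hosts silently on the previous ruleset.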
@@ -75,9 +75,10 @@ class munin-node {
 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
 refreshonly => true,
 }
- ferm::rule { "dsa-munin":
- description => "Allow munin from munin master",
- rule => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN) ACCEPT; }"
- }
+ ferm::rule { "dsa-munin":
+ domain => (ip ip6),
+ description => "Allow munin from munin master",
+ rule => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN) ACCEPT; }"
+ }
 }
diff --git a/modules/nagios/manifests/client.pp b/modules/nagios/manifests/client.pp
index edfbbfadc..7fcbb03da 100644
--- a/modules/nagios/manifests/client.pp
+++ b/modules/nagios/manifests/client.pp
@@ -46,6 +46,7 @@ class nagios::client inherits nagios {
 refreshonly => true,
 }
 ferm::rule { "dsa-nagios":
+ domain => (ip ip6),
 description => "Allow nrpe from nagios master",
 rule => "proto tcp mod state state (NEW) dport (5666) @subchain 'nagios' { saddr (\$HOST_NAGIOS) ACCEPT; }"
 }
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 73c7cdcb3..9c4b82b1a 100644
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -26,6 +26,7 @@ class named {
 ;
 }
 ferm::rule { "dsa-bind":
+ domain => (ip ip6),
 description => "Allow nameserver access",
 rule => "proto (udp tcp) mod state state (NEW) dport (53) ACCEPT"
 }
diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp
index 00b3340b8..a499bb638 100644
--- a/modules/ntp/manifests/init.pp
+++ b/modules/ntp/manifests/init.pp
@@ -26,6 +26,7 @@ class ntp {
 refreshonly => true,
 }
 ferm::rule { "dsa-ntp":
+ domain => (ip ip6),
 description => "Allow ntp access",
 rule => "proto udp mod state state (NEW) dport (123) ACCEPT"
 }
--
2.20.1
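Review bot: In the dsa-munin rule (modules/munin-node/manifests/init.pp), `saddr (\$HOST_MUNIN)` is now emitted for the ip6 domain as well, but the definition of `$HOST_MUNIN` is not in this patch. If it holds only IPv4 addresses, the ip6tables half of the rule will presumably either fail to load or never match. The dsa-nagios hunk has the same exposure with `$HOST_NAGIOS`. Either define both variables with the masters' v4 and v6 addresses, or filter per family, e.g. `saddr @ipfilter((\$HOST_MUNIN))` where the deployed ferm provides it. Separately, the munin block is removed and re-added with identical text, which looks like a whitespace-only reindent; keeping the original indentation would reduce the hunk to the single added `domain` line.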