From 4c729553b909749951a012ad7d75309c1487a9c1 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 1 Jan 2014 21:58:49 +0100
Subject: [PATCH] maybe these firewall rules are better

---
 modules/named/manifests/init.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index da2313c13..2868a070f 100644
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -25,12 +25,12 @@ class named {
 		@ferm::rule { '01-dsa-bind-4':
 			domain      => '(ip)',
 			description => 'Allow nameserver access',
-			rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)',
+			rule        => '&TCP_UDP_SERVICE_RANGE(53, $HOST_DEBIAN_V4)',
 		}
 		@ferm::rule { '01-dsa-bind-6':
 			domain      => '(ip6)',
 			description => 'Allow nameserver access',
-			rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)',
+			rule        => '&TCP_UDP_SERVICE_RANGE(53, $HOST_DEBIAN_V6)',
 		}
 	} else {
 		@ferm::rule { '01-dsa-bind':
-- 
2.20.1