From a45e9562bc9908f929b81efe532d64f20c03242a Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Wed, 2 Mar 2011 19:30:12 +0100
Subject: [PATCH] we pass lists of ranges to ferm

---
 modules/unbound/manifests/init.pp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index 7fca15ee5..9ef5d9dad 100644
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -51,12 +51,12 @@ class unbound {
                     @ferm::rule { "dsa-dns":
                         domain          => "ip",
                         description     => "Allow nameserver access",
-                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, %s)", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
+                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
                     }
                     @ferm::rule { "dsa-dns6":
                         domain          => "ip6",
                         description     => "Allow nameserver access",
-                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, %s)", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
+                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
                     }
                 }
             }
-- 
2.20.1