From a467353070bb0213d5e06382354696f7b97167b1 Mon Sep 17 00:00:00 2001
From: Peter Palfrader <peter@palfrader.org>
Date: Sun, 22 Sep 2019 18:48:40 +0200
Subject: [PATCH] Move archvsync ferm sshs from the input chain to the new ssh
 chain

---
 modules/roles/manifests/ftp_master.pp        | 2 +-
 modules/roles/manifests/historical_master.pp | 2 +-
 modules/roles/manifests/ports_master.pp      | 2 +-
 modules/roles/manifests/security_master.pp   | 2 +-
 modules/roles/manifests/syncproxy.pp         | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/roles/manifests/ftp_master.pp b/modules/roles/manifests/ftp_master.pp
index 1b68123c4..5bef58726 100644
--- a/modules/roles/manifests/ftp_master.pp
+++ b/modules/roles/manifests/ftp_master.pp
@@ -19,7 +19,7 @@ class roles::ftp_master {
   @@ferm::rule::simple { "dsa-ssh-from-ftp_master-${::fqdn}":
     tag         => 'ssh::server::from::ftp_master',
     description => 'Allow ssh access from ftp_master',
-    port        => '22',
+    chain       => 'ssh',
     saddr       => $base::public_addresses,
   }
 }
diff --git a/modules/roles/manifests/historical_master.pp b/modules/roles/manifests/historical_master.pp
index 248c832cb..535c0fbeb 100644
--- a/modules/roles/manifests/historical_master.pp
+++ b/modules/roles/manifests/historical_master.pp
@@ -3,7 +3,7 @@ class roles::historical_master {
   @@ferm::rule::simple { "dsa-ssh-from-historical_master-${::fqdn}":
     tag         => 'ssh::server::from::historical_master',
     description => 'Allow ssh access from historical-master',
-    port        => '22',
+    chain       => 'ssh',
     saddr       => $base::public_addresses,
   }
 }
diff --git a/modules/roles/manifests/ports_master.pp b/modules/roles/manifests/ports_master.pp
index ffc24c37c..2faf0e027 100644
--- a/modules/roles/manifests/ports_master.pp
+++ b/modules/roles/manifests/ports_master.pp
@@ -23,7 +23,7 @@ class roles::ports_master {
   @@ferm::rule::simple { "dsa-ssh-from-ports_master-${::fqdn}":
     tag         => 'ssh::server::from::ports_master',
     description => 'Allow ssh access from ports-master',
-    port        => '22',
+    chain       => 'ssh',
     saddr       => $base::public_addresses,
   }
 }
diff --git a/modules/roles/manifests/security_master.pp b/modules/roles/manifests/security_master.pp
index c627ac0f7..143259f21 100644
--- a/modules/roles/manifests/security_master.pp
+++ b/modules/roles/manifests/security_master.pp
@@ -18,7 +18,7 @@ class roles::security_master {
   @@ferm::rule::simple { "dsa-ssh-from-security_master-${::fqdn}":
     tag         => 'ssh::server::from::security_master',
     description => 'Allow ssh access from security_master',
-    port        => '22',
+    chain       => 'ssh',
     saddr       => $base::public_addresses,
   }
 }
diff --git a/modules/roles/manifests/syncproxy.pp b/modules/roles/manifests/syncproxy.pp
index cb017d529..aa452f0dc 100644
--- a/modules/roles/manifests/syncproxy.pp
+++ b/modules/roles/manifests/syncproxy.pp
@@ -63,7 +63,7 @@ class roles::syncproxy(
   @@ferm::rule::simple { "dsa-ssh-from-syncproxy-${::fqdn}":
     tag         => 'ssh::server::from::syncproxy',
     description => 'Allow ssh access from a syncproxy',
-    port        => '22',
+    chain       => 'ssh',
     saddr       => $ssh_source_addresses,
   }
   # syncproxies should be accessible from various role hosts
-- 
2.20.1