another try

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp
index 61ab93c..956cdc0 100644 (file)
--- a/modules/exim/manifests/init.pp
+++ b/modules/exim/manifests/init.pp
@@ -158,12 +158,12 @@ class exim {
     }
     @ferm::rule { "dsa-exim":
             description     => "Allow SMTP",
-            rule            => "&SERVICE_RANGE(tcp, smtp, \$SSH_SOURCES)"
+            rule            => "&SERVICE_RANGE(tcp, smtp, \$SMTP_SOURCES)"
     }
     @ferm::rule { "dsa-exim-v6":
             description     => "Allow SMTP",
             domain          => "ip6",
-            rule            => "&SERVICE_RANGE(tcp, smtp, \$SSH_SOURCES)"
+            rule            => "&SERVICE_RANGE(tcp, smtp, \$SMTP_V6_SOURCES)"
     }
     # Do we actually want this?  I'm only doing it because it's harmless
     # and makes the logs quiet.  There are better ways of making logs quiet,

diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb
index e4b72b3..101e011 100644 (file)
--- a/modules/ferm/templates/defs.conf.erb
+++ b/modules/ferm/templates/defs.conf.erb
@@ -8,7 +8,7 @@
 }
 
 @def &SERVICE_RANGE($proto, $port, $srange) = {
- proto $proto mod state state (NEW) dport $port @subchain $port { saddr ($srange) ACCEPT; }"
+ proto $proto mod state state (NEW) dport $port @subchain '$port' { saddr ($srange) ACCEPT; }"
 }
 
 @def &TCP_UDP_SERVICE($port) = {