we pass lists of ranges to ferm

author Peter Palfrader <peter@palfrader.org>

Wed, 2 Mar 2011 18:30:12 +0000 (19:30 +0100)

committer Peter Palfrader <peter@palfrader.org>

Wed, 2 Mar 2011 18:30:12 +0000 (19:30 +0100)
author Peter Palfrader <peter@palfrader.org>
Wed, 2 Mar 2011 18:30:12 +0000 (19:30 +0100)
committer Peter Palfrader <peter@palfrader.org>
Wed, 2 Mar 2011 18:30:12 +0000 (19:30 +0100)
diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp

index 7fca15e..9ef5d9d 100644 (file)
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -51,12 +51,12 @@ class unbound {
                      @ferm::rule { "dsa-dns":
                          domain          => "ip",
                          description     => "Allow nameserver access",
-                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, %s)", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
+                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
                      }
                      @ferm::rule { "dsa-dns6":
                          domain          => "ip6",
                          description     => "Allow nameserver access",
-                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, %s)", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
+                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
                      }
                  }
              }
author	Peter Palfrader <peter@palfrader.org>
	Wed, 2 Mar 2011 18:30:12 +0000 (19:30 +0100)
committer	Peter Palfrader <peter@palfrader.org>
	Wed, 2 Mar 2011 18:30:12 +0000 (19:30 +0100)