class ssh {
-
package { [ 'openssh-client', 'openssh-server']:
ensure => installed
}
require => Package['openssh-server']
}
- ferm::rule { 'dsa-ssh':
- description => 'Allow SSH from DSA',
- rule => '&SERVICE_RANGE(tcp, ssh, $SSH_SOURCES)'
+ ferm::rule::simple { 'dsa-ssh':
+ description => 'check ssh access',
+ port => 'ssh',
+ target => 'ssh',
}
- ferm::rule { 'dsa-ssh-v6':
+ ferm::rule { 'dsa-ssh-sources':
description => 'Allow SSH from DSA',
- domain => 'ip6',
- rule => '&SERVICE_RANGE(tcp, ssh, $SSH_V6_SOURCES)'
+ chain => 'ssh',
+ rule => 'saddr ($SSH_SOURCES) ACCEPT'
}
file { '/etc/ssh/ssh_config':