]> git.donarmstrong.com Git - dsa-puppet.git/blobdiff - modules/ferm/files/ferm.conf
projects / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
apparently this is a known bug only for icmp - make target match all protocols but...
[dsa-puppet.git] / modules / ferm / files / ferm.conf
diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index e001d650a1f497ab56cdda5b3fc1ff49d02d85cf..d25d1b4f5c2c24730fe081162b8b67dbf1867a0b 100644 (file)
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -3,16 +3,16 @@
 #  Configuration file for ferm(1).
 #
 
-include "conf.d/me.conf";
+@include 'conf.d/';
 
 domain (ip ip6) {
        chain INPUT {
                policy DROP;
                mod state state (ESTABLISHED RELATED) ACCEPT;
                interface lo ACCEPT;
-               mod state state (INVALID) DROP;
                proto icmp ACCEPT;
+               proto mod state state (INVALID) DROP;
        }
 }
 
-include "dsa.d/*";
+@include 'dsa.d/';
Unnamed repository; edit this file 'description' to name the repository.