let's see if this works
[dsa-puppet.git] / modules / ferm / manifests / init.pp
index d97e1816a16fb4c376897dc90824d355fe598e8c..a8798c82a49654ebf0e68c78d4f61a79f2588f25 100644 (file)
@@ -1,5 +1,5 @@
 class ferm {
-       define ferm_rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
+       define rule($domain="ip", $chain="INPUT", $rule, $description="", $prio="00") {
                file { "/etc/ferm/dsa.d/${prio}_${name}":
                        ensure  => present,
                        owner   => root,
@@ -15,12 +15,21 @@ class ferm {
                 "/etc/ferm/dsa.d": 
                         ensure => directory,
                         require => Package["ferm"];
-                "/etc/ferm/dsa.d/me.conf":
+                "/etc/ferm/conf.d": 
+                        ensure => directory,
+                        require => Package["ferm"];
+                "/etc/ferm/conf.d/me.conf":
                         content => template("ferm/me.conf.erb"),
                         require => Package["ferm"],
                         notify  => Exec["ferm restart"];
         }
 
+        ferm::rule { "dsa-ssh":
+                description     => "Allow SSH from DSA",
+                rule            => "proto tcp dport ssh ACCEPT"
+        }
+
+        ferm_rule(
         exec { "ferm restart":
                 path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
                 refreshonly => true,
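Review bot: The new `dsa-ssh` rule is described as "Allow SSH from DSA", but `proto tcp dport ssh ACCEPT` has no source match, so as written it accepts SSH from any address. Either restrict it, e.g. `rule => "proto tcp saddr (<DSA_SOURCE_ADDRESSES>) dport ssh ACCEPT"` (placeholder; the address list is not on this page), or reword the description to say the port is open to everyone. The added line `ferm_rule(` just before `exec { "ferm restart":` is an unterminated fragment that still uses the old define name; it will most likely make the manifest fail to parse and should be deleted. With the define's default `$domain="ip"`, this rule presumably lands only in the IPv4 ruleset, so confirm whether an `ip6` counterpart is wanted. The `exec` resource continues past the end of the hunk.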