Merge branch 'master' of git+ssh://puppet.debian.org/srv/puppet.debian.org/git/dsa...

[dsa-puppet.git] / modules / ferm / templates / interfaces.conf.erb

diff --git a/modules/ferm/templates/interfaces.conf.erb b/modules/ferm/templates/interfaces.conf.erb
index 0b575d46470718e14abe474b611c42cc0fba8404..af6585a5c7de963b67876e0e75a2307e95b37dbd 100644 (file)
--- a/modules/ferm/templates/interfaces.conf.erb
+++ b/modules/ferm/templates/interfaces.conf.erb
@@ -1,9 +1,38 @@
-def $MUNIN_IFS = (<%=
-ifs = []
-interfaces.split(',').each do |iface|
-  next unless Kernel.global_variables.include?("ipaddress_" + iface)
-  ifs << iface
+def $MUNIN_IPS = (<%=
+begin
+       v4ips.split(',').join(' ')
+rescue
+       ''
 end
-ifs.join(' ')
 %>);
+def $MUNIN6_IPS = (<%=
+begin
+       v6ips == 'no' ? '' : v6ips.split(',').join(' ')
+rescue
+       ''
+end
+%>);
+
+domain ip {
+        chain INPUT {
+               daddr ($MUNIN_IPS) NOP;
+        }
+}
+
+domain ip {
+        chain OUTPUT {
+               saddr ($MUNIN_IPS) NOP;
+        }
+}
+
+domain ip6 {
+        chain INPUT {
+               daddr ($MUNIN6_IPS) NOP;
+        }
+}
 
+domain ip6 {
+        chain OUTPUT {
+               saddr ($MUNIN6_IPS) NOP;
+        }
+}