use new split v4/v6 defs in template

[dsa-puppet.git] / modules / ferm / templates / me.conf.erb

diff --git a/modules/ferm/templates/me.conf.erb b/modules/ferm/templates/me.conf.erb
index 5dfaca3f46d57c5dfa1ca27c733068471ab2ceac..8c3c234e02267799e1bb34a6323275e92dc15b00 100644 (file)
--- a/modules/ferm/templates/me.conf.erb
+++ b/modules/ferm/templates/me.conf.erb
@@ -5,9 +5,31 @@
 
 
 @def $SSH_SOURCES = (<%=
+
+sshallowed = []
+
+case hostname
+  when 'logtest01' then sshallowed << [ '$DSA_IPS', '$HOST_NAGIOS_V4', '$HOST_DB_V4' ]
+end
+
+if sshallowed.length == 0
+  sshallowed = [ '0.0.0.0' ]
+end
+
+sshallowed.join(' ')
+%>);
+
+@def $SSH_V6_SOURCES = (<%=
+
 sshallowed = []
+
 case hostname
-  when 'logtest01' then sshallowed << '0.0.0.0/0'
+  when 'logtest01' then sshallowed << [ '$DSA_V6_IPS', '$HOST_NAGIOS_V6', '$HOST_DB_V6' ]
+end
+
+if sshallowed.length == 0
+  sshallowed = [ ':::' ]
 end
+
 sshallowed.join(' ')
 %>);