restrict stunnel to debian hosts

[dsa-puppet.git] / modules / stunnel4 / manifests / init.pp

diff --git a/modules/stunnel4/manifests/init.pp b/modules/stunnel4/manifests/init.pp
index b26cdbc55f6691bf43caf804760c0a56c167ddb2..16a5c26d06c2deb2d0c62b59e2c41ec39c645f78 100644 (file)
--- a/modules/stunnel4/manifests/init.pp
+++ b/modules/stunnel4/manifests/init.pp
@@ -29,9 +29,13 @@ class stunnel4 {
         @ferm::rule {
             "stunnel-${name}":
                 description => "stunnel ${name}",
-                rule => "&TCP_UDP_SERVICE(${accept})",
-                domain => "(ip ip6)",
+                rule => "&SERVICE_RANGE(tcp, ${accept}, \$HOST_DEBIAN_V4)",
                 ;
+            "stunnel-${name}-v6":
+                domain          => 'ip6',
+                description => "stunnel ${name}",
+                rule => "&SERVICE_RANGE(tcp, ${accept}, \$HOST_DEBIAN_V6)",
+            }
         }
     }
     define stunnel_client($accept, $connecthost, $connectport) {