]> git.donarmstrong.com Git - dsa-puppet.git/blobdiff - modules/unbound/manifests/init.pp
projects / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
we pass lists of ranges to ferm
[dsa-puppet.git] / modules / unbound / manifests / init.pp
diff --git a/modules/unbound/manifests/init.pp b/modules/unbound/manifests/init.pp
index 7fca15ee53cc00f11df46396c2532522c5181962..9ef5d9dad544ced31ee77710bc154d0b72af4407 100644 (file)
--- a/modules/unbound/manifests/init.pp
+++ b/modules/unbound/manifests/init.pp
@@ -51,12 +51,12 @@ class unbound {
                     @ferm::rule { "dsa-dns":
                         domain          => "ip",
                         description     => "Allow nameserver access",
-                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, %s)", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
+                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv4(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
                     }
                     @ferm::rule { "dsa-dns6":
                         domain          => "ip6",
                         description     => "Allow nameserver access",
-                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, %s)", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
+                        rule            => sprintf("&TCP_UDP_SERVICE_RANGE(53, (%s))", join_spc(filter_ipv6(getfromhash($nodeinfo, 'hoster', 'allow_dns_query')))),
                     }
                 }
             }
Unnamed repository; edit this file 'description' to name the repository.