X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=modules%2Fferm%2Fmanifests%2Finit.pp;h=5bedd6c9f37b45945c590aed42ad4889923cd133;hb=4b22086f6f79221555bcaab12b4553ae232b8f9d;hp=ee9ce77c72366d30f9d095db5d5e9a2f71bc47f3;hpb=ab49c5ba96da2424ab21fc6145e7e6b656baea4e;p=dsa-puppet.git

diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index ee9ce77c..5bedd6c9 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -27,11 +27,15 @@ class ferm {
                         content => template("ferm/me.conf.erb"),
                         require => Package["ferm"],
                         notify  => Exec["ferm restart"];
+                "/etc/ferm/conf.d/defs.conf":
+                        source  => "puppet:///ferm/defs.conf",
+                        require => Package["ferm"],
+                        notify  => Exec["ferm restart"];
         }
 
         ferm::rule { "dsa-ssh":
                 description     => "Allow SSH from DSA",
-                rule            => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_SOURCES) ACCEPT; }"
+                rule            => "domain (ip ip6) proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_SOURCES) ACCEPT; }"
         }
 
         exec { "ferm restart":