maybe this is not wrong, take 4

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index 133665dcdc68fec85dd8c340870b667317b6f6d6..54cea1f2b1aac848a079ef015861296e07ea8dc1 100644 (file)
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -30,7 +30,7 @@ class ferm {
 
         ferm::rule { "dsa-ssh":
                 description     => "Allow SSH from DSA",
-                rule            => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr ($MY_SSH_ACCEPT_HOSTS) ACCEPT; }"
+                rule            => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr ($SSH_SOURCES) ACCEPT; }"
         }
 
         exec { "ferm restart":