might work better

author Stephen Gran <steve@lobefin.net>

Sat, 20 Feb 2010 20:21:55 +0000 (20:21 +0000)

committer Stephen Gran <steve@lobefin.net>

Sat, 20 Feb 2010 20:21:55 +0000 (20:21 +0000)
author Stephen Gran <steve@lobefin.net>
Sat, 20 Feb 2010 20:21:55 +0000 (20:21 +0000)
committer Stephen Gran <steve@lobefin.net>
Sat, 20 Feb 2010 20:21:55 +0000 (20:21 +0000)
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp

index 5bedd6c9f37b45945c590aed42ad4889923cd133..78becb9a5d12952c42ffc5717df590dc69f5c0b9 100644 (file)
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -35,7 +35,8 @@ class ferm {
  
          ferm::rule { "dsa-ssh":
                  description     => "Allow SSH from DSA",
-                rule            => "domain (ip ip6) proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_SOURCES) ACCEPT; }"
+                domain          => "(ip ip6)",
+                rule            => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_SOURCES) ACCEPT; }"
          }
  
          exec { "ferm restart":
author	Stephen Gran <steve@lobefin.net>
	Sat, 20 Feb 2010 20:21:55 +0000 (20:21 +0000)
committer	Stephen Gran <steve@lobefin.net>
	Sat, 20 Feb 2010 20:21:55 +0000 (20:21 +0000)