From: Stephen Gran <steve@lobefin.net>
Date: Sat, 20 Feb 2010 19:48:18 +0000 (+0000)
Subject: maybe this is not wrong
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=29a4c4d0b38abbd11c7e21235382e460215b172d;p=dsa-puppet.git

maybe this is not wrong

Signed-off-by: Stephen Gran <steve@lobefin.net>
---

diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index 0d93d3ae..ebf8fe57 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -30,7 +30,7 @@ class ferm {
 
         ferm::rule { "dsa-ssh":
                 description     => "Allow SSH from DSA",
-                rule            => "proto tcp dport ssh ACCEPT"
+                rule            => "proto tcp mod state state (NEW) dport (ssh) @subchain "ssh" { saddr ($MY_SSH_ACCEPT_HOSTS) ACCEPT; }
         }
 
         exec { "ferm restart":