From: Stephen Gran
Date: Sun, 21 Feb 2010 00:57:40 +0000 (+0000)
Subject: cleanup a bit
X-Git-Url: https://git.donarmstrong.com/?a=commitdiff_plain;h=6a9cfcfe08f4735c0a7a19346902dc1969a9264b;p=dsa-puppet.git
cleanup a bit
Signed-off-by: Stephen Gran
---
diff --git a/modules/ferm/files/defs.conf b/modules/ferm/files/defs.conf
index 3c3bc30e..608e89fb 100644
--- a/modules/ferm/files/defs.conf
+++ b/modules/ferm/files/defs.conf
@@ -12,8 +12,7 @@
 }
 @def &TCP_UDP_SERVICE($port) = {
- proto tcp mod state state (NEW) dport $port ACCEPT;
- proto udp mod state state (NEW) dport $port ACCEPT;
+ proto (tcp udp) mod state state (NEW) dport $port ACCEPT;
 }
 @def $HOST_MUNIN = (192.25.206.33);
diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index 8229ff80..f761b01e 100644
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -51,3 +51,9 @@ domain (ip ip6) {
 }
 @include 'dsa.d/';
+
+domain (ip ip6) {
+ chain INPUT {
+ jump log_or_drop;
+ }
+}
diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index a083892b..3d35bae0 100644
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -43,14 +43,6 @@ class ferm {
 notify => Exec["ferm restart"];
 }
- ferm::rule { "dsa-drop":
- domain => "(ip ip6)",
- description => "Drop everything else",
- prio => "99",
- rule => "jump log_or_drop"
- }
-
-
 exec { "ferm restart":
 command => "/etc/init.d/ferm restart",
 refreshonly => true,
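Review bot: `&TCP_UDP_SERVICE` in defs.conf has no comment, and after this change a single line stands for two generated rules, which is easy to misread when auditing the resulting ruleset. I would add above the `@def`: `# Accept NEW tcp and udp traffic to $port from any source; ferm expands the proto list into one rule per protocol.` The rule carries no `saddr` match, so the comment should make clear that services needing a source restriction should not use this macro.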
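Review bot: The catch-all `jump log_or_drop` added at the end of ferm.conf is only correct while this block stays the last thing ferm parses for INPUT, and nothing in the file says so. Assuming `log_or_drop` is terminal (its definition is not in this hunk), a rule or a second `@include` placed below it would never be reached. I would put a comment directly above the block: `# Must remain last: log and drop whatever dsa.d/ did not accept.` The INPUT policy is set in the earlier `domain (ip ip6)` block outside this hunk; it is worth confirming it is `policy DROP;`, so that losing this trailing block fails closed rather than open.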