ferm: drop aurel32's IPs

[dsa-puppet.git] / modules / ferm / files / ferm.conf

diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index 5b38e34c31723e0379157a63e1dad0a9e8e390e6..5f77ce48530fb0a42ce3e63f195229299b8764f1 100644 (file)
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -63,4 +63,7 @@ domain (ip ip6) {
                 jump log_or_drop;
         }
 }
+
+@hook post "umask 0177; iptables-save | sed -e 's/\[.*//' -e 's/^#.*//' | sha256sum > /var/run/iptables-ferm.checksum";
+@hook post "umask 0177; ip6tables-save | sed -e 's/\[.*//' -e 's/^#.*//' | sha256sum > /var/run/ip6tables-ferm.checksum";
 # vim:set et: