convert ssh to new rule format

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index e2248f84727deb7c032ae92d57e154997d3b0418..9d272a224c80efed8437ac61407979210c86ffac 100644 (file)
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -33,11 +33,11 @@ class ssh {
 
         @ferm::rule { "dsa-ssh":
                 description     => "Allow SSH from DSA",
-                rule            => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_SOURCES) ACCEPT; }"
+                rule            => "&SERVICE_RANGE(tcp, ssh, \$SSH_SOURCES)"
         }
         @ferm::rule { "dsa-ssh-v6":
                 description     => "Allow SSH from DSA",
                 domain          => "ip6",
-                rule            => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_V6_SOURCES) ACCEPT; }"
+                rule            => "&SERVICE_RANGE(tcp, ssh, \$SSH_V6_SOURCES)"
         }
 }