maybe these firewall rules are better

author Peter Palfrader <peter@palfrader.org>

Wed, 1 Jan 2014 20:58:49 +0000 (21:58 +0100)

committer Peter Palfrader <peter@palfrader.org>

Wed, 1 Jan 2014 20:58:49 +0000 (21:58 +0100)
author Peter Palfrader <peter@palfrader.org>
Wed, 1 Jan 2014 20:58:49 +0000 (21:58 +0100)
committer Peter Palfrader <peter@palfrader.org>
Wed, 1 Jan 2014 20:58:49 +0000 (21:58 +0100)
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp

index da2313c138f12bf12f90ab0732a1df949420c7ad..2868a070ff4d59edb6a4fd8339517ea611d22b00 100644 (file)
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -25,12 +25,12 @@ class named {
                 @ferm::rule { '01-dsa-bind-4':
                         domain      => '(ip)',
                         description => 'Allow nameserver access',
-                       rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)',
+                       rule        => '&TCP_UDP_SERVICE_RANGE(53, $HOST_DEBIAN_V4)',
                 }
                 @ferm::rule { '01-dsa-bind-6':
                         domain      => '(ip6)',
                         description => 'Allow nameserver access',
-                       rule        => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)',
+                       rule        => '&TCP_UDP_SERVICE_RANGE(53, $HOST_DEBIAN_V6)',
                 }
         } else {
                 @ferm::rule { '01-dsa-bind':
author	Peter Palfrader <peter@palfrader.org>
	Wed, 1 Jan 2014 20:58:49 +0000 (21:58 +0100)
committer	Peter Palfrader <peter@palfrader.org>
	Wed, 1 Jan 2014 20:58:49 +0000 (21:58 +0100)