cleanup a bit

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/ferm/files/defs.conf b/modules/ferm/files/defs.conf
index 3c3bc30eb6905b0190cb2b07ae69b5b17afd42da..608e89fbf7e8fa72558be35a0b7ec56acc321474 100644 (file)
--- a/modules/ferm/files/defs.conf
+++ b/modules/ferm/files/defs.conf
@@ -12,8 +12,7 @@
 }
 
 @def &TCP_UDP_SERVICE($port) = {
- proto tcp mod state state (NEW) dport $port ACCEPT;
- proto udp mod state state (NEW) dport $port ACCEPT;
+ proto (tcp udp) mod state state (NEW) dport $port ACCEPT;
 }
 
 @def $HOST_MUNIN  = (192.25.206.33);

diff --git a/modules/ferm/files/ferm.conf b/modules/ferm/files/ferm.conf
index 8229ff80d36bd40734729198f92cafc806e78f44..f761b01e82ed39cc3cbd2e4d7da1d57b0ef6404b 100644 (file)
--- a/modules/ferm/files/ferm.conf
+++ b/modules/ferm/files/ferm.conf
@@ -51,3 +51,9 @@ domain (ip ip6) {
 }
 
 @include 'dsa.d/';
+
+domain (ip ip6) {
+        chain INPUT {
+                jump log_or_drop;
+        }
+}

diff --git a/modules/ferm/manifests/init.pp b/modules/ferm/manifests/init.pp
index a083892b699dd3729c06952caf7d3e54e3eab9c9..3d35bae0c97df9a55a548219ba47e7bb362cc828 100644 (file)
--- a/modules/ferm/manifests/init.pp
+++ b/modules/ferm/manifests/init.pp
@@ -43,14 +43,6 @@ class ferm {
                         notify  => Exec["ferm restart"];
         }
 
-        ferm::rule { "dsa-drop":
-                domain          => "(ip ip6)",
-                description     => "Drop everything else",
-                prio            => "99",
-                rule            => "jump log_or_drop"
-        }
-
-
         exec { "ferm restart":
                 command     => "/etc/init.d/ferm restart",
                 refreshonly => true,