another try

Signed-off-by: Stephen Gran <steve@lobefin.net>

diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp
index 61ab93cec0548c1bb57f19bb3c6f255b083670d8..956cdc099d0b5464e66fef24383f5ee9fa87586f 100644 (file)
--- a/modules/exim/manifests/init.pp
+++ b/modules/exim/manifests/init.pp
@@ -158,12 +158,12 @@ class exim {
     }
     @ferm::rule { "dsa-exim":
             description     => "Allow SMTP",
-            rule            => "&SERVICE_RANGE(tcp, smtp, \$SSH_SOURCES)"
+            rule            => "&SERVICE_RANGE(tcp, smtp, \$SMTP_SOURCES)"
     }
     @ferm::rule { "dsa-exim-v6":
             description     => "Allow SMTP",
             domain          => "ip6",
-            rule            => "&SERVICE_RANGE(tcp, smtp, \$SSH_SOURCES)"
+            rule            => "&SERVICE_RANGE(tcp, smtp, \$SMTP_V6_SOURCES)"
     }
     # Do we actually want this?  I'm only doing it because it's harmless
     # and makes the logs quiet.  There are better ways of making logs quiet,

diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb
index e4b72b32a48a4f05168bc6d46c79a2c0b71164e9..101e0119befe673cfee7d517127d79eeddb9a0da 100644 (file)
--- a/modules/ferm/templates/defs.conf.erb
+++ b/modules/ferm/templates/defs.conf.erb
@@ -8,7 +8,7 @@
 }
 
 @def &SERVICE_RANGE($proto, $port, $srange) = {
- proto $proto mod state state (NEW) dport $port @subchain $port { saddr ($srange) ACCEPT; }"
+ proto $proto mod state state (NEW) dport $port @subchain '$port' { saddr ($srange) ACCEPT; }"
 }
 
 @def &TCP_UDP_SERVICE($port) = {