first stab at opening firewall for actual mail port

author Stephen Gran <steve@lobefin.net>

Sat, 6 Mar 2010 12:50:48 +0000 (12:50 +0000)

committer Stephen Gran <steve@lobefin.net>

Sat, 6 Mar 2010 12:50:48 +0000 (12:50 +0000)
author Stephen Gran <steve@lobefin.net>
Sat, 6 Mar 2010 12:50:48 +0000 (12:50 +0000)
committer Stephen Gran <steve@lobefin.net>
Sat, 6 Mar 2010 12:50:48 +0000 (12:50 +0000)
diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp

index 956cdc099d0b5464e66fef24383f5ee9fa87586f..f245eab1ebec4d04fde9aeb719f76bb1729aee06 100644 (file)
--- a/modules/exim/manifests/init.pp
+++ b/modules/exim/manifests/init.pp
@@ -156,14 +156,15 @@ class exim {
          path        => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
          refreshonly => true,
      }
+    $mail_port = case extractnodeinfo($nodeinfo, 'mail_port')
      @ferm::rule { "dsa-exim":
              description     => "Allow SMTP",
-            rule            => "&SERVICE_RANGE(tcp, smtp, \$SMTP_SOURCES)"
+            rule            => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_SOURCES)"
      }
      @ferm::rule { "dsa-exim-v6":
              description     => "Allow SMTP",
              domain          => "ip6",
-            rule            => "&SERVICE_RANGE(tcp, smtp, \$SMTP_V6_SOURCES)"
+            rule            => "&SERVICE_RANGE(tcp, $mail_port, \$SMTP_V6_SOURCES)"
      }
      # Do we actually want this?  I'm only doing it because it's harmless
      # and makes the logs quiet.  There are better ways of making logs quiet,
author	Stephen Gran <steve@lobefin.net>
	Sat, 6 Mar 2010 12:50:48 +0000 (12:50 +0000)
committer	Stephen Gran <steve@lobefin.net>
	Sat, 6 Mar 2010 12:50:48 +0000 (12:50 +0000)