From: Stephen Gran
Date: Sun, 21 Feb 2010 00:03:54 +0000 (+0000)
Subject: shorten up the typing
X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=39000c958bd85d70d2d1b1055f8f770cabed1d90
shorten up the typing
Signed-off-by: Stephen Gran
---
diff --git a/modules/apache2/manifests/init.pp b/modules/apache2/manifests/init.pp
index cd2a4e40..6235ed3a 100644
--- a/modules/apache2/manifests/init.pp
+++ b/modules/apache2/manifests/init.pp
@@ -132,6 +132,6 @@ class apache2 {
 @ferm::rule { "dsa-apache":
 domain => "(ip ip6)",
 description => "Allow web access",
- rule => "proto tcp mod state state (NEW) dport (80) ACCEPT"
+ rule => "&SERVICE(tcp, 80)"
 }
 }
diff --git a/modules/exim/manifests/init.pp b/modules/exim/manifests/init.pp
index 85852790..6856da2c 100644
--- a/modules/exim/manifests/init.pp
+++ b/modules/exim/manifests/init.pp
@@ -159,6 +159,6 @@ class exim {
 @ferm::rule { "dsa-exim":
 domain => "(ip ip6)",
 description => "Allow smtp access",
- rule => "proto tcp mod state state (NEW) dport (25) ACCEPT"
+ rule => "&SERVICE(tcp, 25)"
 }
 }
diff --git a/modules/ferm/files/defs.conf b/modules/ferm/files/defs.conf
index 0359fa92..b78b9abf 100644
--- a/modules/ferm/files/defs.conf
+++ b/modules/ferm/files/defs.conf
@@ -4,23 +4,16 @@ ## @def &SERVICE($proto, $port) = { - domain (ip ip6) chain INPUT proto $proto dport $port ACCEPT; + proto $proto mod state state (NEW) dport $port ACCEPT; } -@def &V4_SERVICE($proto, $port) = { - domain ip chain INPUT proto $proto dport $port ACCEPT; +@def &SERVICE_RANGE($proto, $port, $srange) = { + proto $proto mod state state (NEW) dport $port saddr ($srange) ACCEPT; } -@def &V6_SERVICE($proto, $port) = { - domain ip6 chain INPUT proto $proto dport $port ACCEPT; -} - -@def &V4_SERVICE_RANGE($proto, $port, $srange) = { - domain ip chain INPUT proto $proto dport $port saddr $srange ACCEPT; -} - -@def &V6_SERVICE_RANGE($proto, $port, $srange) = { - domain ip6 chain INPUT proto $proto dport $port saddr $srange ACCEPT; +@def &TCP_UDP_SERVICE($port) = { + proto tcp mod state state (NEW) dport $port ACCEPT; + proto udp mod state state (NEW) dport $port ACCEPT; } @def $HOST_MUNIN = (192.25.206.57 192.25.206.33); diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp index 65d4cc5f..719c0e7b 100644 --- a/modules/named/manifests/init.pp +++ b/modules/named/manifests/init.pp @@ -28,7 +28,7 @@ class named { @ferm::rule { "dsa-bind": domain => "(ip ip6)", description => "Allow nameserver access", - rule => "proto (udp tcp) mod state state (NEW) dport (53) ACCEPT" + rule => "&TCP_UDP_SERVICE(53)" } } diff --git a/modules/ntp/manifests/init.pp b/modules/ntp/manifests/init.pp index ace2f8f8..af086f68 100644 --- a/modules/ntp/manifests/init.pp +++ b/modules/ntp/manifests/init.pp @@ -28,6 +28,6 @@ class ntp { @ferm::rule { "dsa-ntp": domain => "(ip ip6)", description => "Allow ntp access", - rule => "proto udp mod state state (NEW) dport (123) ACCEPT" + rule => "&SERVICE(udp, 123)" } }
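Review bot: `&SERVICE` keeps its name but no longer carries `domain (ip ip6) chain INPUT`, and `&V4_SERVICE`, `&V6_SERVICE`, `&V4_SERVICE_RANGE` and `&V6_SERVICE_RANGE` are removed outright, so any caller not converted in this commit either stops parsing or is emitted into whatever domain and chain happen to surround the call. The manifests in this commit pass `domain` through `ferm::rule`, but the chain the rule lands in is not visible in this diff, so the new contract should be written down above the definitions, for example `# These emit bare rules with no domain/chain; invoke them only inside a domain and chain block.` It is also worth searching the tree for the removed names before this goes out, since a ferm parse error at reload time is a poor way to discover a leftover caller.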
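Review bot: `&TCP_UDP_SERVICE` in the `dsa-bind` rule exists only in the defs.conf shipped by this same commit, so the rule will fail to parse on any host where ferm reloads with the new rule snippet but the old defs.conf. Nothing in this hunk orders the virtual `@ferm::rule` after the defs file; if the ferm module does not already guarantee that (not visible here), the resource installing defs.conf should be a prerequisite of the reload. The `&SERVICE(...)` strings in the apache2, exim and ntp hunks carry the same dependency, although an older defs.conf does define a macro of that name with different contents. The body of class named starts outside the hunk.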