From: Peter Palfrader Date: Wed, 1 Jan 2014 20:58:49 +0000 (+0100) Subject: maybe these firewall rules are better X-Git-Url: https://git.donarmstrong.com/?p=dsa-puppet.git;a=commitdiff_plain;h=4c729553b909749951a012ad7d75309c1487a9c1 maybe these firewall rules are better
---
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index da2313c1..2868a070 100644
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -25,12 +25,12 @@ class named {
 @ferm::rule { '01-dsa-bind-4':
 domain => '(ip)',
 description => 'Allow nameserver access',
- rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V4)',
+ rule => '&TCP_UDP_SERVICE_RANGE(53, $HOST_DEBIAN_V4)',
 }
 @ferm::rule { '01-dsa-bind-6':
 domain => '(ip6)',
 description => 'Allow nameserver access',
- rule => '&SERVICE_RANGE(tcp, 5671, $HOST_DEBIAN_V6)',
+ rule => '&TCP_UDP_SERVICE_RANGE(53, $HOST_DEBIAN_V6)',
 }
 } else {
 @ferm::rule { '01-dsa-bind':
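Review bot: `&TCP_UDP_SERVICE_RANGE` is used on both new `rule =>` lines but is not defined anywhere in this commit, which touches only modules/named/manifests/init.pp. If the ferm definitions lack that function, or it does not take `(port, source range)`, the ruleset would presumably fail to load, so confirm the definition exists before relying on these rules. Both resources also keep the generic description 'Allow nameserver access' although they admit only `$HOST_DEBIAN_V4` / `$HOST_DEBIAN_V6`; I would make the restriction visible, e.g. `description => 'Allow nameserver access (tcp+udp/53) from $HOST_DEBIAN_* only',`, and put a comment above the pair such as `# restricted branch: DNS is reachable only from the $HOST_DEBIAN_* ranges`. The enclosing `class named` and the if/else around these rules start and end outside the hunk, so the condition that selects this restricted branch cannot be checked from here.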