From 131d1d904fb3e556c4b46ac3c00c9861ae95e0c1 Mon Sep 17 00:00:00 2001
From: Stephen Gran
Date: Sat, 20 Feb 2010 21:35:37 +0000
Subject: [PATCH] reshuffle things around
Signed-off-by: Stephen Gran
---
 modules/debian-org/manifests/init.pp | 17 -----------------
 modules/munin-node/manifests/init.pp | 4 ++++
 modules/nagios/manifests/client.pp | 4 ++++
 modules/ssh/manifests/init.pp | 9 +++++++++
 4 files changed, 17 insertions(+), 17 deletions(-)
diff --git a/modules/debian-org/manifests/init.pp b/modules/debian-org/manifests/init.pp
index 9ff8c854..3042b183 100644
--- a/modules/debian-org/manifests/init.pp
+++ b/modules/debian-org/manifests/init.pp
@@ -17,23 +17,6 @@ define set_alternatives($linkto) {
 class debian-org {
- ferm::rule { "dsa-ssh":
- description => "Allow SSH from DSA",
- rule => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_SOURCES) ACCEPT; }"
- }
- ferm::rule { "dsa-ssh-v6":
- description => "Allow SSH from DSA",
- domain => "ip6",
- rule => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_V6_SOURCES) ACCEPT; }"
- }
- ferm::rule { "dsa-munin":
- description => "Allow munin from munin master",
- rule => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN) ACCEPT; }"
- }
- ferm::rule { "dsa-nagios":
- description => "Allow nrpe from nagios master",
- rule => "proto tcp mod state state (NEW) dport (5666) @subchain 'nagios' { saddr (\$HOST_NAGIOS) ACCEPT; }"
- }
 package { "userdir-ldap": ensure => installed;
 "zsh": ensure => installed;
diff --git a/modules/munin-node/manifests/init.pp b/modules/munin-node/manifests/init.pp
index 8ba1fbe5..6dc8b07e 100644
--- a/modules/munin-node/manifests/init.pp
+++ b/modules/munin-node/manifests/init.pp
@@ -75,5 +75,9 @@ class munin-node {
 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
 refreshonly => true,
 }
+ ferm::rule { "dsa-munin":
+ description => "Allow munin from munin master",
+ rule => "proto tcp mod state state (NEW) dport (munin) @subchain 'munin' { saddr (\$HOST_MUNIN) ACCEPT; }"
+ }
 }
diff --git a/modules/nagios/manifests/client.pp b/modules/nagios/manifests/client.pp
index 285fdfc0..edfbbfad 100644
--- a/modules/nagios/manifests/client.pp
+++ b/modules/nagios/manifests/client.pp
@@ -45,4 +45,8 @@ class nagios::client inherits nagios {
 path => "/etc/init.d:/usr/bin:/usr/sbin:/bin:/sbin",
 refreshonly => true,
 }
+ ferm::rule { "dsa-nagios":
+ description => "Allow nrpe from nagios master",
+ rule => "proto tcp mod state state (NEW) dport (5666) @subchain 'nagios' { saddr (\$HOST_NAGIOS) ACCEPT; }"
+ }
 }
diff --git a/modules/ssh/manifests/init.pp b/modules/ssh/manifests/init.pp
index 4dd041a8..452ce5df 100644
--- a/modules/ssh/manifests/init.pp
+++ b/modules/ssh/manifests/init.pp
@@ -38,4 +38,13 @@ class ssh {
 refreshonly => true,
 }
+ ferm::rule { "dsa-ssh":
+ description => "Allow SSH from DSA",
+ rule => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_SOURCES) ACCEPT; }"
+ }
+ ferm::rule { "dsa-ssh-v6":
+ description => "Allow SSH from DSA",
+ domain => "ip6",
+ rule => "proto tcp mod state state (NEW) dport (ssh) @subchain 'ssh' { saddr (\$SSH_V6_SOURCES) ACCEPT; }"
+ }
 }
-- 
2.39.2
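Review bot: The `dsa-munin` rule now sits in `munin-node`, but nothing in the visible lines makes this class depend on the ferm module or on wherever `$HOST_MUNIN` is defined; the `\$` escape means Puppet passes the name through for ferm to resolve. If a host applies `munin-node` without those definitions, ferm will presumably refuse to load a ruleset that references an undefined variable, so the dependency is worth stating. I would add a comment above the resource such as `# $HOST_MUNIN is a ferm variable defined in <ferm defs file>; requires the ferm class`. The same applies to `$HOST_NAGIOS` in `nagios::client` and to `$SSH_SOURCES`/`$SSH_V6_SOURCES` in `ssh`. The class body starts above this hunk, so an existing include may simply be out of view.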
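Review bot: `dport (5666)` in `dsa-nagios` is a bare port number where the sibling rules use service names, and the source restriction to `$HOST_NAGIOS` is the only NRPE access control visible in this hunk. Since NRPE runs check commands on behalf of the caller, I would document the port and point at the daemon-side restriction, e.g. `# 5666/tcp = NRPE; keep allowed_hosts in nrpe.cfg in step with $HOST_NAGIOS`. Whether nrpe.cfg is managed earlier in `nagios::client` cannot be told from here, because the class starts above the hunk.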
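Review bot: Moving `dsa-ssh` and `dsa-ssh-v6` from `debian-org` into `ssh` means a host that applies `debian-org` without `ssh` loses its SSH accept rules on the next run, and if ferm's default policy is to drop (not visible here) that host becomes unreachable for administration. Node assignments are outside this patch, so confirm every node carrying `debian-org` also gets `ssh`, or keep the coupling explicit with `include ssh` in `debian-org`. Separately, both resources carry the description `"Allow SSH from DSA"`; `description => "Allow SSH from DSA (IPv6)",` on the second would make the generated rules distinguishable during an audit.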