X-Git-Url: https://git.openstreetmap.org/chef.git/blobdiff_plain/ba65c5618d3113373c0f3306ce993917fc2af23a..2e17bd4b4697423f9c124cfdb802424a58c16d80:/cookbooks/munin/recipes/default.rb

diff --git a/cookbooks/munin/recipes/default.rb b/cookbooks/munin/recipes/default.rb
index 70d6f3050..0a2a34452 100644
--- a/cookbooks/munin/recipes/default.rb
+++ b/cookbooks/munin/recipes/default.rb
@@ -24,27 +24,29 @@ service "munin-node" do
   supports :status => true, :restart => true, :reload => true
 end
 
-servers = search(:node, "recipes:munin\\:\\:server")
+servers = []
 
-servers.each do |server|
+search(:node, "recipes:munin\\:\\:server").each do |server|
   server.interfaces(:role => :external) do |interface|
-    firewall_rule "accept-munin-#{server}" do
-      action :accept
-      family interface[:family]
-      source "#{interface[:zone]}:#{interface[:address]}"
-      dest "fw"
-      proto "tcp:syn"
-      dest_ports "munin"
-      source_ports "1024:"
-    end
+    servers << interface[:address]
   end
 end
 
+firewall_rule "accept-munin" do
+  action :accept
+  context :incoming
+  protocol :tcp
+  source servers
+  dest_ports "munin"
+  source_ports "1024-65535"
+  not_if { servers.empty? }
+end
+
 template "/etc/munin/munin-node.conf" do
   source "munin-node.conf.erb"
   owner "root"
   group "root"
-  mode 0o644
+  mode "644"
   variables :servers => servers
   notifies :restart, "service[munin-node]"
 end