Port custom firewall rule to nftables

[chef.git] / cookbooks / openssh / recipes / default.rb

diff --git a/cookbooks/openssh/recipes/default.rb b/cookbooks/openssh/recipes/default.rb
index 78df22c5e418b0930e7d0984e9ff68e6b7377cdf..6a299d22695dc7d9d2804e4fab876984a2e95a48 100644 (file)
--- a/cookbooks/openssh/recipes/default.rb
+++ b/cookbooks/openssh/recipes/default.rb
@@ -27,7 +27,7 @@ template "/etc/ssh/sshd_config.d/chef.conf" do
   source "sshd_config.conf.erb"
   owner "root"
   group "root"
-  mode 0o644
+  mode "644"
   notifies :restart, "service[ssh]"
   only_if { Dir.exist?("/etc/ssh/sshd_config.d") }
 end
@@ -73,7 +73,7 @@ end
 
 template "/etc/ssh/ssh_known_hosts" do
   source "ssh_known_hosts.erb"
-  mode 0o444
+  mode "444"
   owner "root"
   group "root"
   backup false
@@ -86,6 +86,6 @@ firewall_rule "accept-ssh" do
   action :accept
   source "net"
   dest "fw"
-  proto "tcp:syn"
+  proto "tcp"
   dest_ports node[:openssh][:port]
 end