X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/3dd8e177f260478b9da3c5c5be583bd262e1f6e9..2fe909805ca8ed064276b207c853725fbf1ffaae:/cookbooks/munin/recipes/default.rb?ds=inline

diff --git a/cookbooks/munin/recipes/default.rb b/cookbooks/munin/recipes/default.rb
index 25b81a477..a54b38718 100644
--- a/cookbooks/munin/recipes/default.rb
+++ b/cookbooks/munin/recipes/default.rb
@@ -24,20 +24,18 @@ service "munin-node" do
   supports :status => true, :restart => true, :reload => true
 end
 
-servers = search(:node, "recipes:munin\\:\\:server")
+servers = search(:node, "recipes:munin\\:\\:server").collect do |server|
+  server.ipaddresses(:role => :external)
+end.flatten
 
-servers.each do |server|
-  server.interfaces(:role => :external) do |interface|
-    firewall_rule "accept-munin-#{server}" do
-      action :accept
-      family interface[:family]
-      source "net:#{interface[:address]}"
-      dest "fw"
-      proto "tcp:syn"
-      dest_ports "munin"
-      source_ports "1024-65535"
-    end
-  end
+firewall_rule "accept-munin" do
+  action :accept
+  context :incoming
+  protocol :tcp
+  source servers
+  dest_ports "munin"
+  source_ports "1024-65535"
+  not_if { servers.empty? }
 end
 
 template "/etc/munin/munin-node.conf" do