Instead of a per-machine package, keep the ports with the service for
now. Ideally domtool would handle all of this.
--- /dev/null
+etc/ferm/service.in.d
+etc/ferm/service.out.d
\ No newline at end of file
proto (tcp udp) dport ( kerberos afs3-callback ) ACCEPT;
# system ports
+ @include 'service.in.d/';
@include 'local_ports_in.conf';
#@include 'users_tcp_in.conf'
}
# root needs port 80 for things like apt-get
mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }
+ @include 'service.out.d/';
@include 'local_ports_out.conf';
#include 'users_tcp_out.conf'
}