From 42a257dc74366c8f0ef1982a5643abe10424e9fa Mon Sep 17 00:00:00 2001
From: Clinton Ebadi
Date: Fri, 7 Sep 2012 01:22:51 -0400
Subject: [PATCH] Include service firewall rules

Instead of a per-machine package, keep the ports with the service for now. Ideally domtool would handle all of this.
---
 debian/hcoop-firewall-config.dirs | 2 ++
 files/ferm.conf.hcoop | 2 ++
 2 files changed, 4 insertions(+)
 create mode 100644 debian/hcoop-firewall-config.dirs

diff --git a/debian/hcoop-firewall-config.dirs b/debian/hcoop-firewall-config.dirs
new file mode 100644
index 0000000..27cc7de
--- /dev/null
+++ b/debian/hcoop-firewall-config.dirs
@@ -0,0 +1,2 @@
+etc/ferm/service.in.d
+etc/ferm/service.out.d
\ No newline at end of file
diff --git a/files/ferm.conf.hcoop b/files/ferm.conf.hcoop
index 2637c92..12c90d7 100644
--- a/files/ferm.conf.hcoop
+++ b/files/ferm.conf.hcoop
@@ -29,6 +29,7 @@ table filter {
 proto (tcp udp) dport ( kerberos afs3-callback ) ACCEPT;
 # system ports
+ @include 'service.in.d/';
 @include 'local_ports_in.conf';
 #@include 'users_tcp_in.conf'
 }
@@ -53,6 +54,7 @@ table filter {
 # root needs port 80 for things like apt-get
 mod owner uid-owner 0 { proto (tcp) dport (http https) ACCEPT; }
+ @include 'service.out.d/';
 @include 'local_ports_out.conf';
 #include 'users_tcp_out.conf'
 }
-- 
2.20.1
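Review bot: The new `debian/hcoop-firewall-config.dirs` ends without a trailing newline, as the `\ No newline at end of file` marker after `etc/ferm/service.out.d` shows. Line-oriented packaging helpers and later appends to this list are safer when the last entry is newline-terminated, so the file should end with a newline after `etc/ferm/service.out.d`.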
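Review bot: The directory include `@include 'service.in.d/';` is placed ahead of `@include 'local_ports_in.conf';`, so with first-match evaluation a service fragment's ACCEPT is reached before any machine-local rule that might narrow it. If local policy is meant to override service defaults, the two includes should be swapped; otherwise the order deserves a comment such as `# service.in.d/: root-owned per-service fragments, evaluated before local_ports_in.conf`. It is also worth confirming how ferm treats leftover files in that directory (editor backups, `.dpkg-old`), since whatever it loads becomes a live rule. The same ordering and directory-hygiene point applies to `@include 'service.out.d/';` in the next hunk; the enclosing chain block starts outside both hunks.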
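Review bot: Fragments loaded by `@include 'service.out.d/';` sit at chain level, outside the `mod owner uid-owner 0 { ... }` block just above. An egress port opened by a service fragment is therefore presumably open to every local uid unless the fragment carries its own owner match. A comment above the include would make that contract explicit, for example `# service.out.d/: fragments must add their own "mod owner" match if egress is meant for the service account only`. The chain block starts outside the hunk, so the default policy these rules sit under is not visible here.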