From 475e413b2fb9f6ed10b310c1f3f1d8b53bfc8030 Mon Sep 17 00:00:00 2001
From: David Gardner <git@icmfp.com>
Date: Fri, 28 Oct 2016 09:20:59 +0100
Subject: [PATCH] Use dport on firewall rule, otherwise we allow source ports
 as well.

---
 manifests/project/apache.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/project/apache.pp b/manifests/project/apache.pp
index 9b1bb73..8303dbc 100644
--- a/manifests/project/apache.pp
+++ b/manifests/project/apache.pp
@@ -226,7 +226,7 @@
 
   if !defined(Firewall["050 accept Apache ${port}"]) {
     firewall { "050 accept Apache ${port}":
-      port   => $port,
+      dport  => $port,
       proto  => tcp,
       action => accept,
     }