rework firewall setup

bundles/postfix/metadata.py

@@ -96,10 +96,10 @@ def letsencrypt(metadata):
 
 
 @metadata_reactor.provides(
-    'firewall/port_rules/25',
-    'firewall/port_rules/465',
-    'firewall/port_rules/587',
-    'firewall/port_rules/2525',
+    'firewall/port_rules',
+    'firewall/port_rules',
+    'firewall/port_rules',
+    'firewall/port_rules',
 )
 def firewall(metadata):
     if node.has_bundle('postfixadmin'):
@@ -108,13 +108,13 @@ def firewall(metadata):
         default = metadata.get('postfix/mynetworks', set())
 
     rules = {
-        '25': atomic(metadata.get('postfix/restrict-to', default)),
-        '465': atomic(metadata.get('postfix/restrict-to', default)),
+        '25/tcp': atomic(metadata.get('postfix/restrict-to', default)),
+        '465/tcp': atomic(metadata.get('postfix/restrict-to', default)),
     }
 
     if node.has_bundle('postfixadmin'):
-        rules['587'] = atomic(metadata.get('postfix/restrict-to', default))
-        rules['2525'] = atomic(metadata.get('postfix/restrict-to', default))
+        rules['587/tcp'] = atomic(metadata.get('postfix/restrict-to', default))
+        rules['2525/tcp'] = atomic(metadata.get('postfix/restrict-to', default))
 
     return {
         'firewall': {