Merge branch 'develop' (0.5.1)0.5.1

Change-Id: I4e9d845f9758232f4da0d4bfbf785e52982b825b
author: Micah Anderson <micah@leap.se> 2014-05-22 16:38:28 -0400
committer: Micah Anderson <micah@leap.se> 2014-05-22 16:38:28 -0400
commit: 6100b6ded99241f10e7fb12c13a0820fda084912 (patch)
tree: 863a9120010f32fdae304af94cd102c1da5096a6 /puppet/modules/site_shorewall
parent: 327d5c934e408f90011d7949b89ab01fed88998e (diff)
parent: a622e49c5df2150049afb6f6ed47177537b7e6da (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 7109b770..8fbba658 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -68,6 +68,22 @@ class site_shorewall::eip {
       destination => '$FW',
       action      => 'leap_eip(ACCEPT)',
       order       => 200;
+
+    'block_eip_dns_udp':
+      action          => 'REJECT',
+      source          => 'eip',
+      destination     => 'net',
+      proto           => 'udp',
+      destinationport => 'domain',
+      order           => 300;
+
+    'block_eip_dns_tcp':
+      action          => 'REJECT',
+      source          => 'eip',
+      destination     => 'net',
+      proto           => 'tcp',
+      destinationport => 'domain',
+      order           => 301;
   }
 
   # create dnat rule for each port
author	Micah Anderson <micah@leap.se>	2014-05-22 16:38:28 -0400
committer	Micah Anderson <micah@leap.se>	2014-05-22 16:38:28 -0400
commit	6100b6ded99241f10e7fb12c13a0820fda084912 (patch)
tree	863a9120010f32fdae304af94cd102c1da5096a6 /puppet/modules/site_shorewall
parent	327d5c934e408f90011d7949b89ab01fed88998e (diff)
parent	a622e49c5df2150049afb6f6ed47177537b7e6da (diff)