added shorewall config for dns
authorMarcel Haerry <haerry@puzzle.ch>
Mon, 26 May 2008 14:20:59 +0000 (16:20 +0200)
committerMarcel Haerry <haerry@puzzle.ch>
Mon, 26 May 2008 14:20:59 +0000 (16:20 +0200)
manifests/init.pp
manifests/shorewall.pp [new file with mode: 0644]

index ef83b3e..ef73956 100644 (file)
@@ -26,4 +26,8 @@ class resolvconf {
         mode => 444,
         content => template("resolvconf/resolvconf.erb")
     }
+
+    if $use_shorewall {
+        include resolvconf::shorewall
+    }
 }
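Review bot: The `if $use_shorewall` guard reads a variable that is neither declared nor given a default in this hunk, so whether the firewall rules are applied depends on whichever scope happens to set it. In Puppet any non-empty string is truthy, so `$use_shorewall = 'false'` would still include `resolvconf::shorewall` and open the DNS egress rules. I would add a comment above the conditional such as `# $use_shorewall: set to the boolean true (not a string) to manage shorewall rules for DNS`. The class body starts outside the hunk, so a default or existing documentation may already be there.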
diff --git a/manifests/shorewall.pp b/manifests/shorewall.pp
new file mode 100644 (file)
index 0000000..114bda7
--- /dev/null
@@ -0,0 +1,22 @@
+# manifests/shorewall.pp
+
+class resolvconf::shorewall {
+    include shorewall
+
+    shorewall::rule {
+        'me-net-tcp_dns':
+                        source          =>      '$FW',
+                        destination     =>      'net',
+                        proto           =>      'tcp',
+                        destinationport =>      '53',
+                        order           =>      250,
+                        action          =>      'ACCEPT';
+        'me-net-udp_dns':
+                        source          =>      '$FW',
+                        destination     =>      'net',
+                        proto           =>      'udp',
+                        destinationport =>      '53',
+                        order           =>      251,
+                        action          =>      'ACCEPT'; 
+    }
+}
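Review bot: Both rules accept DNS from `$FW` to the entire `net` zone, so the host may talk to any server on port 53 rather than only the resolvers written into resolv.conf. Unrestricted outbound DNS is a common path for tunnelling data out and for bypassing a filtering resolver. I would scope the destination to the configured nameservers, e.g. `destination => "net:${nameserver_ip}"`, with one rule pair per resolver if there are several. That variable name is a placeholder (use whatever the resolvconf template reads), and this assumes `shorewall::rule` passes the value through to the rules file unchanged. If open egress is intentional, say so in a comment above the `shorewall::rule` block, e.g. `# outbound DNS from the firewall host to any resolver; tighten to net:<resolver> where possible`.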