From 2bd5b840234352daf85ecc2dcaff4f4fbc43a0ab Mon Sep 17 00:00:00 2001
From: Marcel Haerry
Date: Mon, 26 May 2008 16:20:59 +0200
Subject: added shorewall config for dns
---
 manifests/init.pp | 4 ++++
 manifests/shorewall.pp | 22 ++++++++++++++++++++++
 2 files changed, 26 insertions(+)
 create mode 100644 manifests/shorewall.pp
diff --git a/manifests/init.pp b/manifests/init.pp
index ef83b3e..ef73956 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -26,4 +26,8 @@ class resolvconf {
 mode => 444,
 content => template("resolvconf/resolvconf.erb")
 }
+
+ if $use_shorewall {
+ include resolvconf::shorewall
+ }
 }
diff --git a/manifests/shorewall.pp b/manifests/shorewall.pp
new file mode 100644
index 0000000..114bda7
--- /dev/null
+++ b/manifests/shorewall.pp
@@ -0,0 +1,22 @@
+# manifests/shorewall.pp
+
+class resolvconf::shorewall {
+ include shorewall
+
+ shorewall::rule {
+ 'me-net-tcp_dns':
+ source => '$FW',
+ destination => 'net',
+ proto => 'tcp',
+ destinationport => '53',
+ order => 250,
+ action => 'ACCEPT';
+ 'me-net-udp_dns':
+ source => '$FW',
+ destination => 'net',
+ proto => 'udp',
+ destinationport => '53',
+ order => 251,
+ action => 'ACCEPT';
+ }
+}
-- 
cgit v1.2.3
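Review bot: The new `if $use_shorewall` guard in class resolvconf tests a variable that is neither declared nor documented in the visible lines, so whether the firewall class is included depends on whatever the enclosing scope happens to set. In Puppet a non-empty string is truthy, so a node that sets `$use_shorewall = 'false'` (quoted) would still pull in resolvconf::shorewall. I would add a comment above the guard such as `# $use_shorewall: boolean true (not a quoted string) makes this class manage the outbound DNS firewall rules`. The class body starts outside this hunk, so any existing documentation of the variable is not visible here.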
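Review bot: Both rules in resolvconf::shorewall use `destination => 'net'`, which lets the firewall host send port 53 traffic to every address in the net zone rather than only to the resolvers this module writes into resolv.conf. Unrestricted outbound DNS is a common path for tunnelling and for bypassing the intended resolvers, so it is worth narrowing. Assuming shorewall::rule passes the value through to the rules file unchanged (its definition is not visible here), I would restrict both `me-net-tcp_dns` and `me-net-udp_dns` to the configured nameservers, e.g. `destination => 'net:<resolver-ip-placeholder>',`. The header comment only repeats the file path; a line stating that the class opens outbound DNS from the firewall host would help the next reader.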