author | Silvio Rhatto <rhatto@riseup.net> | 2011-08-15 19:02:52 -0300 |
---|---|---|
committer | Silvio Rhatto <rhatto@riseup.net> | 2011-08-15 19:02:52 -0300 |
commit | a25e4d7e3d4f4f33a8a48e13f0b2f5200a4f4c60 (patch) | |
tree | fcfb2be712d2de137bf0dda64430f7a1e4add43c /manifests/subsystems/firewall/vserver.pp | |
parent | bc443116a68704768be51129695daaaf8755fbb1 (diff) | |
Adding firewall::vserver::dns
Diffstat (limited to 'manifests/subsystems/firewall/vserver.pp')
-rw-r--r-- | manifests/subsystems/firewall/vserver.pp | 44 |
1 files changed, 44 insertions, 0 deletions
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 843d24f..9bf0a21 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -277,3 +277,47 @@ define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $orde
 order => $order,
 }
 }
+
+class firewall::vserver::dns($destination, $zone = 'vm') {
+ shorewall::rule { 'dns-route-1':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:53",
+ proto => 'tcp',
+ destinationport => '53',
+ ratelimit => '-',
+ order => '2000',
+ }
+
+ shorewall::rule { 'dns-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:53",
+ proto => 'tcp',
+ destinationport => '53',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2001',
+ }
+
+ shorewall::rule { 'dns-route-1':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:53",
+ proto => 'udp',
+ destinationport => '53',
+ ratelimit => '-',
+ order => '2002',
+ }
+
+ shorewall::rule { 'dns-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:53",
+ proto => 'udp',
+ destinationport => '53',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2003',
+ }
+} |
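Review bot: The two UDP rules in `firewall::vserver::dns` reuse the resource titles `'dns-route-1'` and `'dns-route-2'` already taken by the TCP rules, so Puppet should reject the catalog with a duplicate declaration and none of the four DNAT rules would be applied. Give the UDP pair their own titles, for example `shorewall::rule { 'dns-route-udp-1':` and `shorewall::rule { 'dns-route-udp-2':`. Separately, the `net` rules forward port 53 from any source with `ratelimit => '-'`; if the server behind `$destination` answers recursive queries, the UDP rule makes it reachable as an open resolver, so it is worth confirming it is authoritative-only or setting a rate limit here. A short comment above the class saying that it can be declared only once per node (unlike the `define`s above it) would also help.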