-rw-r--r--manifests/subsystems/firewall/vserver.pp44
-rw-r--r--manifests/vserver.pp8
2 files changed, 51 insertions, 1 deletions
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 843d24f..9bf0a21 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -277,3 +277,47 @@ define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $orde
order => $order,
}
}
+
+class firewall::vserver::dns($destination, $zone = 'vm') {
+ shorewall::rule { 'dns-route-1':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:53",
+ proto => 'tcp',
+ destinationport => '53',
+ ratelimit => '-',
+ order => '2000',
+ }
+
+ shorewall::rule { 'dns-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:53",
+ proto => 'tcp',
+ destinationport => '53',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2001',
+ }
+
+ shorewall::rule { 'dns-route-1':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:53",
+ proto => 'udp',
+ destinationport => '53',
+ ratelimit => '-',
+ order => '2002',
+ }
+
+ shorewall::rule { 'dns-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:53",
+ proto => 'udp',
+ destinationport => '53',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2003',
+ }
+}
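Review bot: The two udp rules at the end of the new class reuse the titles `dns-route-1` and `dns-route-2` that the tcp rules above them already take, so catalog compilation will most likely fail with a duplicate declaration (assuming shorewall::rule is a define or resource type, which this hunk does not show). Each rule needs its own title, for example `shorewall::rule { 'dns-route-udp-1':` and `shorewall::rule { 'dns-route-udp-2':` for the last two. Separately, the `net` rules forward port 53 with `ratelimit => '-'`, which appears to leave the forward unthrottled; if the guest ever runs a recursive resolver it would be reachable from the internet, so a comment such as `# guest must be authoritative-only; port 53 is exposed to net without rate limiting` or an explicit rate limit is worth adding.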
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 79b39bd..c7c7216 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
@@ -37,7 +37,7 @@ class nodo::vserver inherits nodo {
define instance($context, $ensure = 'running', $proxy = false,
$puppetmaster = false, $gitd = false, $mail = false,
$icecast = false, $sound = false, $ticket = false,
- $memory_limit = false, $distro = 'lenny') {
+ $memory_limit = false, $distro = 'lenny', $dns = false) {
# set instance id
if $context <= 9 {
@@ -155,6 +155,12 @@ class nodo::vserver inherits nodo {
"firewall::vserver::mail": destination => "192.168.0.$context";
}
}
+
+ if $dns {
+ class {
+ "firewall::vserver::dns": destination => "192.168.0.$context";
+ }
+ }
}
}
}
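Review bot: `class { "firewall::vserver::dns": ... }` is declared inside the `instance` define, so a second instance with `dns => true` on the same node would declare the class again with a different `destination`, and the catalog would fail to compile. If more than one DNS guest per host is ever intended, firewall::vserver::dns would be better written as a define, like firewall::vserver::munin in the other file, with rule titles derived from `$name`. Otherwise the limit should be documented next to the new parameter, e.g. `# $dns: DNAT tcp/udp 53 from net to this guest; at most one instance per host may set it`. The body of `instance` starts and ends outside this hunk, so other branches may already follow the same pattern.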