From a25e4d7e3d4f4f33a8a48e13f0b2f5200a4f4c60 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Mon, 15 Aug 2011 19:02:52 -0300
Subject: Adding firewall::vserver::dns
---
 manifests/subsystems/firewall/vserver.pp | 44 ++++++++++++++++++++++++++++++++
 manifests/vserver.pp | 8 +++++-
 2 files changed, 51 insertions(+), 1 deletion(-)
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 843d24f..9bf0a21 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -277,3 +277,47 @@ define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $orde
 order => $order,
 }
 }
+
+class firewall::vserver::dns($destination, $zone = 'vm') {
+ shorewall::rule { 'dns-route-1':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:53",
+ proto => 'tcp',
+ destinationport => '53',
+ ratelimit => '-',
+ order => '2000',
+ }
+
+ shorewall::rule { 'dns-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:53",
+ proto => 'tcp',
+ destinationport => '53',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2001',
+ }
+
+ shorewall::rule { 'dns-route-1':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:53",
+ proto => 'udp',
+ destinationport => '53',
+ ratelimit => '-',
+ order => '2002',
+ }
+
+ shorewall::rule { 'dns-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:53",
+ proto => 'udp',
+ destinationport => '53',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2003',
+ }
+}
diff --git a/manifests/vserver.pp b/manifests/vserver.pp
index 79b39bd..c7c7216 100644
--- a/manifests/vserver.pp
+++ b/manifests/vserver.pp
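Review bot: The two UDP rules at the end of the new `firewall::vserver::dns` class reuse the titles `'dns-route-1'` and `'dns-route-2'` already taken by the TCP rules above them, and Puppet rejects a catalog that declares the same resource title twice, so the class cannot compile as written. Give the UDP pair their own titles, e.g. `shorewall::rule { 'dns-route-3':` and `shorewall::rule { 'dns-route-4':`. Separately, the `net` rules forward port 53 to the guest with `ratelimit => '-'`; if the server behind `$destination` answers recursive queries, it would be reachable from the internet with no rate limit, so a header comment stating that the class is meant for an authoritative-only server (or a non-empty `ratelimit`) would help.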
@@ -37,7 +37,7 @@ class nodo::vserver inherits nodo { define instance($context, $ensure = 'running', $proxy = false, $puppetmaster = false, $gitd = false, $mail = false, $icecast = false, $sound = false, $ticket = false, - $memory_limit = false, $distro = 'lenny') { + $memory_limit = false, $distro = 'lenny', $dns = false) { # set instance id if $context <= 9 { @@ -155,6 +155,12 @@ class nodo::vserver inherits nodo { "firewall::vserver::mail": destination => "192.168.0.$context"; } } + + if $dns { + class { + "firewall::vserver::dns": destination => "192.168.0.$context"; + } + } } } } -- cgit v1.2.3
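Review bot: The `if $dns` block in the second hunk declares `firewall::vserver::dns` with `class { ... }` inside the `instance` define, and a class can be declared only once per node, so enabling `$dns` on two instances of the same host fails catalog compilation with a duplicate-declaration error rather than a clear message. Since the host's port 53 can only be forwarded to one guest anyway, document the restriction next to the new parameter, e.g. `# $dns: forward the host's port 53 to this instance; enable on at most one instance per node`. The `instance` define begins and ends outside both hunks, so whether its other flags carry the same restriction is not visible here.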