From a25e4d7e3d4f4f33a8a48e13f0b2f5200a4f4c60 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Mon, 15 Aug 2011 19:02:52 -0300
Subject: Adding firewall::vserver::dns
---
 manifests/subsystems/firewall/vserver.pp | 44 ++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)
(limited to 'manifests/subsystems')
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 843d24f..9bf0a21 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -277,3 +277,47 @@ define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $orde
 order => $order,
 }
 }
+
+class firewall::vserver::dns($destination, $zone = 'vm') {
+ shorewall::rule { 'dns-route-1':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:53",
+ proto => 'tcp',
+ destinationport => '53',
+ ratelimit => '-',
+ order => '2000',
+ }
+
+ shorewall::rule { 'dns-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:53",
+ proto => 'tcp',
+ destinationport => '53',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2001',
+ }
+
+ shorewall::rule { 'dns-route-1':
+ action => 'DNAT',
+ source => 'net',
+ destination => "$zone:$destination:53",
+ proto => 'udp',
+ destinationport => '53',
+ ratelimit => '-',
+ order => '2002',
+ }
+
+ shorewall::rule { 'dns-route-2':
+ action => 'DNAT',
+ source => '$FW',
+ destination => "fw:$destination:53",
+ proto => 'udp',
+ destinationport => '53',
+ originaldest => "$ipaddress",
+ ratelimit => '-',
+ order => '2003',
+ }
+}
-- 
cgit v1.2.3
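Review bot: The four `shorewall::rule` resources in `firewall::vserver::dns` share only two titles: `'dns-route-1'` and `'dns-route-2'` are each declared twice, once for tcp and once for udp. Puppet rejects a second declaration of the same type and title, so a catalog that includes this class should fail to compile instead of installing any of the DNS DNAT rules. Give every rule a unique title, for example `shorewall::rule { 'dns-route-udp-1':` and `shorewall::rule { 'dns-route-udp-2':` for the udp pair, or suffix all four with the protocol. Separately, the `net` rules forward port 53 with `ratelimit => '-'`; if the vserver behind `$destination` is a recursive resolver rather than authoritative-only, that exposes it to the internet without any rate limit. A comment stating the intended role, or a `$ratelimit` class parameter that defaults to `'-'`, would make that choice explicit.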