From d6c73a6e8dca74894db8de86b3b1d740ee841ca5 Mon Sep 17 00:00:00 2001
From: Silvio Rhatto
Date: Tue, 23 Aug 2011 19:36:53 -0300
Subject: Additional DNS rule
---
 manifests/subsystems/firewall/vserver.pp | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)
(limited to 'manifests/subsystems')
diff --git a/manifests/subsystems/firewall/vserver.pp b/manifests/subsystems/firewall/vserver.pp
index 8273c47..784c38d 100644
--- a/manifests/subsystems/firewall/vserver.pp
+++ b/manifests/subsystems/firewall/vserver.pp
@@ -279,6 +279,16 @@ define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $orde
 }

 class firewall::vserver::dns($destination, $zone = 'vm') {
+ shorewall::rule { 'dns-route-0':
+ action => 'DNS/ACCEPT',
+ source => 'net',
+ destination => '$FW',
+ proto => '-',
+ destinationport => '-',
+ ratelimit => '-',
+ order => '2000',
+ }
+
 shorewall::rule { 'dns-route-1':
 action => 'DNAT',
 source => 'net',
@@ -286,7 +296,7 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
 proto => 'tcp',
 destinationport => '53',
 ratelimit => '-',
- order => '2000',
+ order => '2001',
 }

 shorewall::rule { 'dns-route-2':
@@ -297,7 +307,7 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
 destinationport => '53',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '2001',
+ order => '2002',
 }

 shorewall::rule { 'dns-route-3':
@@ -307,7 +317,7 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
 proto => 'udp',
 destinationport => '53',
 ratelimit => '-',
- order => '2002',
+ order => '2003',
 }

 shorewall::rule { 'dns-route-4':
@@ -318,6 +328,6 @@ class firewall::vserver::dns($destination, $zone = 'vm') {
 destinationport => '53',
 originaldest => "$ipaddress",
 ratelimit => '-',
- order => '2003',
+ order => '2004',
 }
 }
--
cgit v1.2.3
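Review bot: The new `dns-route-0` rule in the first hunk accepts DNS from `net` to `$FW` on every node that declares `firewall::vserver::dns`, with `ratelimit => '-'` and no comment saying why the host itself must answer port 53 when the rest of the class forwards DNS to `$destination`. If a resolver listens on the host, this rule leaves it reachable from the internet with no throttle, which is the usual precondition for open-resolver abuse. A rate limit in Shorewall's RATE column syntax (constructed example: `ratelimit => 's:20/sec:40',`) or a narrower `source` would bound that exposure. Since `dns-route-1` already DNATs TCP port 53 from `net` (its `destination` line falls outside the hunks, so this is inferred), it is worth confirming which traffic actually reaches this ACCEPT and recording that in a comment such as `# host-level DNS accept: needed because <reason>`. The class body continues beyond this hunk.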