make it easier to override behaviour of the dns rules
authormh <mh@immerda.ch>
Sun, 25 Aug 2013 16:44:45 +0000 (18:44 +0200)
committermh <mh@immerda.ch>
Sat, 5 Dec 2015 10:34:54 +0000 (11:34 +0100)
manifests/rules/dns.pp
manifests/rules/dns/disable.pp
manifests/rules/dns_rules.pp [new file with mode: 0644]

index 99311cae377445dd6b1f2643adf0e0bf4a7d61fd..e775eeedaca20ab0ac908cad80f9ddc7520ba172 100644 (file)
@@ -1,18 +1,6 @@
+# open dns port
 class shorewall::rules::dns {
-    shorewall::rule {
-        'net-me-tcp_dns':
-                        source          =>      'net',
-                        destination     =>      '$FW',
-                        proto           =>      'tcp',
-                        destinationport =>      '53',
-                        order           =>      240,
-                        action          =>      'ACCEPT';
-        'net-me-udp_dns':
-                        source          =>      'net',
-                        destination     =>      '$FW',
-                        proto           =>      'udp',
-                        destinationport =>      '53',
-                        order           =>      240,
-                        action          =>      'ACCEPT';
-    }
+  shorewall::rules::dns_rules{
+    'net':
+  }
 }
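Review bot: The new declaration at the end of the class is spread over three lines with an empty attribute list and no space before the brace (`shorewall::rules::dns_rules{`); the conventional form is the one-liner `shorewall::rules::dns_rules { 'net': }`. Since the define derives its rule titles from the source, the resources for 'net' keep the titles 'net-me-tcp_dns' and 'net-me-udp_dns' that the old inline rules had, so existing overrides of those Shorewall::Rule titles elsewhere should be unaffected; it is worth stating that in the header comment so a later rename is done knowingly, e.g. `# open dns (tcp/udp 53) from net to $FW; rule titles stay net-me-{tcp,udp}_dns`.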
index 36541da416d8391b11cbfaa24c2d7a05d52c872d..7de923bd6523da5d9d9e93abc52854f83ef44034 100644 (file)
@@ -1,5 +1,6 @@
+# disable dns acccess
 class shorewall::rules::dns::disable inherits shorewall::rules::dns {
-  Shorewall::Rule['net-me-tcp_dns', 'net-me-udp_dns']{
-        action  => 'DROP',
-    }
+  Shorewall::Rules::Dns_rules['net']{
+    action  => 'DROP',
+  }
 }
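Review bot: The override reaches only the dns_rules instance titled 'net' that the parent class declares; any other shorewall::rules::dns_rules instance declared elsewhere keeps its own action, and the header comment should say so rather than suggesting all DNS access is disabled (it also misspells "access"): `# disable dns access from net: overrides only the 'net' instance declared in shorewall::rules::dns`. Whether DROP rather than REJECT is wanted here is inherited from the previous code and not changed by this commit.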
diff --git a/manifests/rules/dns_rules.pp b/manifests/rules/dns_rules.pp
new file mode 100644 (file)
index 0000000..abe0eb5
--- /dev/null
@@ -0,0 +1,22 @@
+# open dns port
+define shorewall::rules::dns_rules(
+  $source = $name,
+  $action = 'ACCEPT',
+) {
+  shorewall::rule {
+    "${source}-me-tcp_dns":
+      source          => $source,
+      destination     => '$FW',
+      proto           => 'tcp',
+      destinationport => '53',
+      order           => 240,
+      action          => $action;
+    "${source}-me-udp_dns":
+      source          => $source,
+      destination     => '$FW',
+      proto           => 'udp',
+      destinationport => '53',
+      order           => 240,
+      action          => $action;
+  }
+}
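Review bot: The shorewall::rule titles are built from `$source` rather than `$name`, so two dns_rules instances with different titles but the same source (say one per zone alias) would both emit "net-me-tcp_dns" and fail the catalog with a duplicate-resource error; deriving the titles from the instance name avoids that and still yields the existing 'net-me-*' titles when the define is used as in shorewall::rules::dns, i.e. `"${name}-me-tcp_dns":` and `"${name}-me-udp_dns":`. The define's parameters are also undocumented: the header should state that `$source` is the shorewall source zone and defaults to the title, that `$action` is the shorewall action applied to both the tcp and udp port-53 rules (ACCEPT by default, set to DROP by shorewall::rules::dns::disable), and that `'$FW'` is deliberately single-quoted so shorewall, not Puppet, expands it. Note that nothing constrains `$action` to a valid shorewall action, so a typo in an override is only caught when shorewall compiles its rules.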