Adding firewall::vserver::dns
authorSilvio Rhatto <rhatto@riseup.net>
Mon, 15 Aug 2011 22:02:52 +0000 (19:02 -0300)
committerSilvio Rhatto <rhatto@riseup.net>
Mon, 15 Aug 2011 22:02:52 +0000 (19:02 -0300)
manifests/subsystems/firewall/vserver.pp
manifests/vserver.pp

index 843d24f324a37151181cb0bf94a72a8dd98a7bc5..9bf0a217cd77fab60e432e561fd2e6f784415de5 100644 (file)
@@ -277,3 +277,47 @@ define firewall::vserver::munin($destination, $port_orig, $port_dest = '', $orde
     order           => $order,
   }
 }
+
+class firewall::vserver::dns($destination, $zone = 'vm') {
+  shorewall::rule { 'dns-route-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:53",
+    proto           => 'tcp',
+    destinationport => '53',
+    ratelimit       => '-',
+    order           => '2000',
+  }
+
+  shorewall::rule { 'dns-route-2':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:53",
+    proto           => 'tcp',
+    destinationport => '53',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '2001',
+  }
+
+  shorewall::rule { 'dns-route-1':
+    action          => 'DNAT',
+    source          => 'net',
+    destination     => "$zone:$destination:53",
+    proto           => 'udp',
+    destinationport => '53',
+    ratelimit       => '-',
+    order           => '2002',
+  }
+
+  shorewall::rule { 'dns-route-2':
+    action          => 'DNAT',
+    source          => '$FW',
+    destination     => "fw:$destination:53",
+    proto           => 'udp',
+    destinationport => '53',
+    originaldest    => "$ipaddress",
+    ratelimit       => '-',
+    order           => '2003',
+  }
+}
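Review bot: The two udp rules reuse the resource titles `'dns-route-1'` and `'dns-route-2'` that the tcp rules in the same class already declare, so Puppet should reject the catalog with a duplicate declaration error and apply none of the four rules. Give each rule a unique title, for example `shorewall::rule { 'dns-route-udp-1':` and `shorewall::rule { 'dns-route-udp-2':` for the udp pair, and ideally a matching `-tcp-` infix for the first pair. Separately, every rule sets `ratelimit => '-'`, which appears to leave port 53 forwarded from `net` with no rate limit. If the guest resolver answers recursive queries, an explicit limit or a comment explaining why none is needed would help, since open UDP DNS is commonly abused for reflection.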
index 79b39bdda45b2e3097b39cff5692daa3c13c910f..c7c721678f47a5941b5ebefa94b84f5a6d5eb1a5 100644 (file)
@@ -37,7 +37,7 @@ class nodo::vserver inherits nodo {
   define instance($context, $ensure = 'running', $proxy = false,
                   $puppetmaster = false, $gitd = false, $mail = false,
                   $icecast = false, $sound = false, $ticket = false,
-                  $memory_limit = false, $distro = 'lenny') {
+                  $memory_limit = false, $distro = 'lenny', $dns = false) {
 
     # set instance id
     if $context <= 9 {
@@ -155,6 +155,12 @@ class nodo::vserver inherits nodo {
             "firewall::vserver::mail": destination => "192.168.0.$context";
           }
         }
+
+        if $dns {
+          class {
+            "firewall::vserver::dns": destination => "192.168.0.$context";
+          }
+        }
       }
     }
   }
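Review bot: `firewall::vserver::dns` is a class declared with resource-like syntax inside the `instance` define, so a node with two instances that both pass `dns => true` would declare the class twice with different `destination` values and fail compilation. That is consistent with port 53 being forwardable to only one guest, but the constraint is not written down anywhere. A comment above the `if $dns` block would make it explicit, for example `# only one instance per host may set dns => true (port 53 is DNATed to a single guest)`. The new `$dns` parameter added in the signature hunk is likewise undocumented. The `instance` define begins and ends outside this hunk.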