}
class firewall::vserver::dns($destination, $zone = 'vm') {
+ shorewall::rule { 'dns-route-0':
+ action => 'DNS/ACCEPT',
+ source => 'net',
+ destination => '$FW',
+ proto => '-',
+ destinationport => '-',
+ ratelimit => '-',
+ order => '2000',
+ }
+
shorewall::rule { 'dns-route-1':
action => 'DNAT',
source => 'net',
proto => 'tcp',
destinationport => '53',
ratelimit => '-',
- order => '2000',
+ order => '2001',
}
shorewall::rule { 'dns-route-2':
destinationport => '53',
originaldest => "$ipaddress",
ratelimit => '-',
- order => '2001',
+ order => '2002',
}
shorewall::rule { 'dns-route-3':
proto => 'udp',
destinationport => '53',
ratelimit => '-',
- order => '2002',
+ order => '2003',
}
shorewall::rule { 'dns-route-4':
destinationport => '53',
originaldest => "$ipaddress",
ratelimit => '-',
- order => '2003',
+ order => '2004',
}
}
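Review bot: The added `dns-route-0` rule accepts DNS from `net` to `$FW` with `ratelimit => '-'`, so any resolver listening on the firewall host itself becomes reachable from the whole `net` zone with no throttle, whereas the existing rules in this class appear only to DNAT port 53 to the vserver. If the host really must answer external queries, a limit on this rule (for example `ratelimit => '10/sec:20'`, values constructed for illustration) makes it less useful as an amplification reflector; if it does not, the rule looks unnecessary. Either way, a comment above it such as `# accept DNS on the firewall itself because <reason>` would record why a vserver forwarding class also opens the firewall's own input path. The rule also hard-codes `net` and `$FW` instead of using the class parameters, which may be intended but is worth confirming, since parts of the other rules are not visible in this hunk.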