From: Marcel Haerry <haerry@puzzle.ch>
Date: Mon, 26 May 2008 14:20:59 +0000 (+0200)
Subject: added shorewall config for dns
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=2bd5b840234352daf85ecc2dcaff4f4fbc43a0ab;p=puppet-resolvconf.git

added shorewall config for dns
---

diff --git a/manifests/init.pp b/manifests/init.pp
index ef83b3e..ef73956 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -26,4 +26,8 @@ class resolvconf {
         mode => 444,
         content => template("resolvconf/resolvconf.erb")
     }
+
+    if $use_shorewall {
+        include resolvconf::shorewall
+    }
 }
diff --git a/manifests/shorewall.pp b/manifests/shorewall.pp
new file mode 100644
index 0000000..114bda7
--- /dev/null
+++ b/manifests/shorewall.pp
@@ -0,0 +1,22 @@
+# manifests/shorewall.pp
+
+class resolvconf::shorewall {
+    include shorewall
+
+    shorewall::rule {
+        'me-net-tcp_dns':
+                        source          =>      '$FW',
+                        destination     =>      'net',
+                        proto           =>      'tcp',
+                        destinationport =>      '53',
+                        order           =>      250,
+                        action          =>      'ACCEPT';
+        'me-net-udp_dns':
+                        source          =>      '$FW',
+                        destination     =>      'net',
+                        proto           =>      'udp',
+                        destinationport =>      '53',
+                        order           =>      251,
+                        action          =>      'ACCEPT'; 
+    }
+}