- scelsi: {
- @ferm::rule { 'dc11-icecast':
- domain => '(ip ip6)',
- description => 'Allow icecast access',
- rule => '&SERVICE(tcp, 8000)'
+ unger: {
+ @ferm::rule { 'dsa-notrack-dns-diamond-in':
+ domain => 'ip',
+ description => 'NOTRACK for nameserver traffic',
+ table => 'raw',
+ chain => 'PREROUTING',
+ rule => 'destination 82.195.75.108 proto (tcp udp) dport 53 jump NOTRACK'
+ }
+ @ferm::rule { 'dsa-notrack-dns-diamond-out':
+ domain => 'ip',
+ description => 'NOTRACK for nameserver traffic',
+ table => 'raw',
+ chain => 'PREROUTING',
+ rule => 'source 82.195.75.108 proto (tcp udp) sport 53 jump NOTRACK'