publish, store and collect ferm rules for dns primary access

[mirror/dsa-puppet.git] / modules / named / manifests / geodns.pp

diff --git a/modules/named/manifests/geodns.pp b/modules/named/manifests/geodns.pp
index 49a9663..37a9065 100644 (file)
--- a/modules/named/manifests/geodns.pp
+++ b/modules/named/manifests/geodns.pp
@@ -60,4 +60,12 @@ class named::geodns inherits named {
     proto       => ['udp', 'tcp'],
     port        => 'domain',
   }
+
+  @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+    tag         => 'named::primary::ferm',
+    description => 'Allow geo nameserver access to the primary for the (non-geo) zones that we AXFR',
+    proto       => ['udp', 'tcp'],
+    port        => 'domain',
+    saddr       => $base::public_addresses,
+  }
 }