rule => 'proto (tcp udp) dport 53 jump NOTRACK'
}
+ @ferm::rule { 'dsa-bind-notrack-out':
+ domain => '(ip ip6)',
+ description => 'NOTRACK for nameserver traffic',
+ table => 'raw',
+ chain => 'PREROUTING',
+ rule => 'proto (tcp udp) sport 53 jump NOTRACK'
+ }
+
file { '/var/log/bind9':
ensure => directory,
owner => bind,