make dns primary export and keyring host collect firewall rules for the openpgpkey...
[mirror/dsa-puppet.git] / modules / named / manifests / primary.pp
index 5f3f6be..cafefff 100644 (file)
@@ -49,6 +49,13 @@ class named::primary inherits named::authoritative {
       };
       | EOF
   }
+  @@ferm::rule::simple { "dsa-bind-from-${::fqdn}":
+    tag         => 'named::keyring::ferm',
+    description => 'Allow primary access to the keyring master',
+    proto       => ['udp', 'tcp'],
+    port        => 'domain',
+    saddr       => $base::public_addresses,
+  }
 
   concat::fragment { 'puppet-crontab--nsec3':
     target  => '/etc/cron.d/puppet-crontab',
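Review bot: The exported rule's `saddr => $base::public_addresses` is the only thing limiting who may reach port `domain` on the collecting keyring host, and nothing in this hunk shows that the value is always non-empty. If `ferm::rule::simple` treats an empty or undef `saddr` as "any source" (not visible here, so worth confirming), a node with no public addresses would export a rule that opens DNS to everyone. Consider failing the catalog when the list is empty, and add a comment above the resource such as `# exported; realised on the keyring host via tag 'named::keyring::ferm'`, so the trust relationship is visible to the next reader. The description is also identical for every exporting primary; `description => "Allow primary ${::fqdn} access to the keyring master",` would make the collected rules distinguishable in the generated ferm config. The enclosing `named::primary` class starts and ends outside the hunk.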