notrack diamon on unger

author Peter Palfrader <peter@palfrader.org>

Mon, 21 Jan 2013 12:45:11 +0000 (13:45 +0100)

committer Peter Palfrader <peter@palfrader.org>

Mon, 21 Jan 2013 12:49:47 +0000 (13:49 +0100)
author Peter Palfrader <peter@palfrader.org>
Mon, 21 Jan 2013 12:45:11 +0000 (13:45 +0100)
committer Peter Palfrader <peter@palfrader.org>
Mon, 21 Jan 2013 12:49:47 +0000 (13:49 +0100)
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp

index 7be941a..0a9905c 100644 (file)
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -155,6 +155,22 @@ class ferm::per-host {
                                 rule            => '&TCP_UDP_SERVICE(5080)'
                         }
                 }
+               unger: {
+                       @ferm::rule { 'dsa-notrack-dns-diamond-in':
+                               domain      => 'ip',
+                               description => 'NOTRACK for nameserver traffic',
+                               table       => 'raw',
+                               chain       => 'PREROUTING',
+                               rule        => 'destination 82.195.75.102 proto (tcp udp) dport 53 jump NOTRACK'
+                       }
+                       @ferm::rule { 'dsa-notrack-dns-diamond-out':
+                               domain      => 'ip',
+                               description => 'NOTRACK for nameserver traffic',
+                               table       => 'raw',
+                               chain       => 'PREROUTING',
+                               rule        => 'source 82.195.75.102 proto (tcp udp) sport 53 jump NOTRACK'
+                       }
+               }
                 default: {}
         }
author	Peter Palfrader <peter@palfrader.org>
	Mon, 21 Jan 2013 12:45:11 +0000 (13:45 +0100)
committer	Peter Palfrader <peter@palfrader.org>
	Mon, 21 Jan 2013 12:49:47 +0000 (13:49 +0100)