fw on kaufmann
authorPeter Palfrader <peter@palfrader.org>
Sun, 7 Jul 2019 10:06:39 +0000 (12:06 +0200)
committerPeter Palfrader <peter@palfrader.org>
Sun, 7 Jul 2019 10:06:39 +0000 (12:06 +0200)
modules/roles/manifests/keyring.pp

index 08876cd..5743dbd 100644 (file)
@@ -12,7 +12,14 @@ class roles::keyring {
 
        include named::authoritative
 
-       $notify_address = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
+       $notify_address = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "  ")
+       $notify_address_bind = join(getfromhash($site::allnodeinfo, 'denis.debian.org', 'ipHostNumber'), "; ")
+
+       @ferm::rule { '01-dsa-bind':
+               domain      => '(ip ip6)',
+               description => 'Allow nameserver access',
+               rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_NAGIOS $notify_address ) )',
+       }
 
        concat::fragment { 'dsa-named-conf-puppet-misc---openpgpkey-zone':
                target => '/etc/bind/named.conf.puppet-misc',
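Review bot: The `rule` value in the new `@ferm::rule { '01-dsa-bind': }` is single-quoted, so Puppet does not interpolate `$notify_address` and ferm receives that text literally. Unless ferm defines a variable of that name, the port 53 rule will not contain the denis.debian.org addresses and may fail to load. Use a double-quoted string and escape the ferm-side variable: `rule => "&TCP_UDP_SERVICE_RANGE(53, ( \$HOST_NAGIOS ${notify_address} ) )",`. Separately, `$notify_address` is now space-joined and the old `"; "` form lives in `$notify_address_bind`. The `concat::fragment` at the end of the hunk continues outside it, so confirm that any BIND configuration still referencing `$notify_address` was switched to `$notify_address_bind`.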