From: Julien Cristau <jcristau@debian.org>
Date: Thu, 23 Nov 2017 00:34:50 +0000 (+0000)
Subject: Add extra netnod servers to ferm
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=366f6f92cd5c4e597604d1ca140473eec3b554ef;p=mirror%2Fdsa-puppet.git

Add extra netnod servers to ferm
---

diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb
index b6f326004..d4f861518 100644
--- a/modules/ferm/templates/defs.conf.erb
+++ b/modules/ferm/templates/defs.conf.erb
@@ -90,7 +90,8 @@
 @def $HOST_EASYDNS_V4 = (64.68.200.91);
 @def $HOST_RCODE0_V4 = (83.136.34.0/27);
 @def $HOST_RCODE0_V6 = (2A02:850:8::/47);
-@def $HOST_NETNOD_V4 = (192.71.80.0/24 192.36.144.222 192.36.144.218);
+@def $HOST_NETNOD_V4 = (192.71.80.0/24 192.36.144.222 192.36.144.218 194.146.105.24 194.146.105.25);
+@def $HOST_NETNOD_V6 = (2a01:3f0:0:27::24 2a01:3f0:0:28::25);
 
 <%
 def getfastlyranges()
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 41cec9a87..f731dffcf 100644
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -31,7 +31,7 @@ class named {
 		@ferm::rule { '01-dsa-bind-6':
 			domain      => '(ip6)',
 			description => 'Allow nameserver access',
-			rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V6 $HOST_NAGIOS_V6 $HOST_RCODE0_V6 2001:41c8:1000:21::21:21 ) )',
+			rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V6 $HOST_NAGIOS_V6 $HOST_RCODE0_V6 $HOST_NETNOD_V6 2001:41c8:1000:21::21:21 ) )',
 		}
 	} else {
 		@ferm::rule { '01-dsa-bind':