From: Peter Palfrader
Date: Mon, 21 Jan 2013 12:45:11 +0000 (+0100)
Subject: notrack diamon on unger
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=3c6ef0ed45ca737116329e15aa2b7d9258373047;p=mirror%2Fdsa-puppet.git
notrack diamon on unger
---
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 7be941a52..0a9905cff 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -155,6 +155,22 @@ class ferm::per-host {
 rule => '&TCP_UDP_SERVICE(5080)'
 }
 }
+ unger: {
+ @ferm::rule { 'dsa-notrack-dns-diamond-in':
+ domain => 'ip',
+ description => 'NOTRACK for nameserver traffic',
+ table => 'raw',
+ chain => 'PREROUTING',
+ rule => 'destination 82.195.75.102 proto (tcp udp) dport 53 jump NOTRACK'
+ }
+ @ferm::rule { 'dsa-notrack-dns-diamond-out':
+ domain => 'ip',
+ description => 'NOTRACK for nameserver traffic',
+ table => 'raw',
+ chain => 'PREROUTING',
+ rule => 'source 82.195.75.102 proto (tcp udp) sport 53 jump NOTRACK'
+ }
+ }
 default: {}
 }
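Review bot: Both rules sit in `raw`/`PREROUTING`, so `dsa-notrack-dns-diamond-out` only matches replies that reach unger from another machine; if 82.195.75.102 were ever answered by a local process, its replies would leave through `raw`/`OUTPUT` and still be tracked. Assuming diamond is a guest whose traffic is routed through unger, a comment above the `unger:` case such as `# diamond (82.195.75.102) is routed via unger, so both directions cross raw/PREROUTING` would record why the chain is the same for both. Untracked packets no longer match ESTABLISHED/RELATED state rules, so the filter table needs explicit stateless accepts for port 53 in both directions; those are not visible in this hunk and are worth confirming. The rules are also `domain => 'ip'` only, so any IPv6 DNS traffic for the nameserver stays in conntrack. The enclosing `case` and `class ferm::per-host` begin outside the hunk.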