From: Peter Palfrader
Date: Sun, 7 Jul 2019 08:56:32 +0000 (+0200)
Subject: unify v4 and v6 rules in named::primary
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=5ef79475a5a4f36d231e57289b10850d4d3f16af;p=mirror%2Fdsa-puppet.git
unify v4 and v6 rules in named::primary
---
diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb
index 00aebf278..4981a4220 100644
--- a/modules/ferm/templates/defs.conf.erb
+++ b/modules/ferm/templates/defs.conf.erb
@@ -87,11 +87,9 @@
 @def $HOST_DNS_GEO_V4 = (<%= scope.function_filter_ipv4([rolehost['dns_geo']]).uniq.join(' ') %>);
 @def $HOST_DNS_GEO_V6 = (<%= scope.function_filter_ipv6([rolehost['dns_geo']]).uniq.join(' ') %>);
-@def $HOST_EASYDNS_V4 = (64.68.200.91 205.210.42.80);
-@def $HOST_RCODE0_V4 = (83.136.34.0/27);
-@def $HOST_RCODE0_V6 = (2A02:850:8::/47);
-@def $HOST_NETNOD_V4 = (192.71.80.0/24 192.36.144.222 192.36.144.218 194.146.105.24 194.146.105.25);
-@def $HOST_NETNOD_V6 = (2a01:3f0:0:27::24 2a01:3f0:0:28::25);
+@def $HOST_EASYDNS = (64.68.200.91 205.210.42.80);
+@def $HOST_RCODE0 = (83.136.34.0/27 2A02:850:8::/47);
+@def $HOST_NETNOD = (192.71.80.0/24 192.36.144.222 192.36.144.218 194.146.105.24 194.146.105.25 2a01:3f0:0:27::24 2a01:3f0:0:28::25);
 <% def getfastlyranges()
diff --git a/modules/named/manifests/primary.pp b/modules/named/manifests/primary.pp
index 0c63531f9..b0df105f8 100644
--- a/modules/named/manifests/primary.pp
+++ b/modules/named/manifests/primary.pp
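Review bot: The three added definitions (`$HOST_EASYDNS`, `$HOST_RCODE0`, `$HOST_NETNOD`) now mix IPv4 and IPv6 literals in one list, and nothing next to them says that they are only usable where the addresses are filtered per address family. A one-line ferm comment above them would make that contract explicit, for example `# mixed v4/v6 lists: use only through @ipfilter() or a macro that applies it`. The commit also deletes the `_V4`/`_V6` names outright; only named::primary is updated in this diff, so any other rule that still references e.g. `$HOST_RCODE0_V4` would make ferm reject the whole ruleset, and a repository-wide search for the old names before merging is worth the minute. The rest of the template lies outside the hunk, so remaining users cannot be ruled in or out from here.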
@@ -2,13 +2,8 @@ class named::primary inherits named::authoritative {
 include dnsextras::entries
 @ferm::rule { '01-dsa-bind-4':
- domain => '(ip)',
+ domain => '(ip ip6)',
 description => 'Allow nameserver access',
- rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V4 $HOST_NAGIOS_V4 $HOST_RCODE0_V4 $HOST_EASYDNS_V4 $HOST_NETNOD_V4 ) )',
- }
- @ferm::rule { '01-dsa-bind-6':
- domain => '(ip6)',
- description => 'Allow nameserver access',
- rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V6 $HOST_NAGIOS_V6 $HOST_RCODE0_V6 $HOST_NETNOD_V6 ) )',
+ rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )',
 }
 }
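Review bot: The merged `rule` line depends on `$HOST_DNS_GEO` and `$HOST_NAGIOS`, but the defs.conf.erb hunk of this commit shows only `$HOST_DNS_GEO_V4`/`_V6` as context and adds no unified variant, so both names must already be defined elsewhere in the template or ferm will fail to load the ruleset. With `domain => '(ip ip6)'` the source list now carries both address families, which is only safe if `&TCP_UDP_SERVICE_RANGE` passes it through `@ipfilter()`; the macro's definition is not visible here and should be checked. The resource title is still `'01-dsa-bind-4'` although it now covers IPv6 as well; `'01-dsa-bind'` would match its scope. If the generated ferm rules directory is not purged by Puppet, the file left behind by the removed `'01-dsa-bind-6'` resource would keep referencing the deleted `$HOST_*_V6` variables, so it presumably needs an explicit cleanup.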