From: Stephen Gran Date: Mon, 21 Jan 2013 12:18:44 +0000 (+0000) Subject: stop tracking output as well X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=fa403c7eb2687ed007a843a6560d373b41a01905;p=mirror%2Fdsa-puppet.git stop tracking output as well Signed-off-by: Stephen Gran
---
diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 83647911b..9cc377e6e 100644
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -24,6 +24,14 @@ class named {
 rule => 'proto (tcp udp) dport 53 jump NOTRACK'
 }
 
+ @ferm::rule { 'dsa-bind-notrack-out':
+ domain => '(ip ip6)',
+ description => 'NOTRACK for nameserver traffic',
+ table => 'raw',
+ chain => 'PREROUTING',
+ rule => 'proto (tcp udp) sport 53 jump NOTRACK'
+ }
+
 file { '/var/log/bind9':
 ensure => directory,
 owner => bind,
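Review bot: The added `dsa-bind-notrack-out` rule sits in `chain => 'PREROUTING'`, which locally generated packets never traverse, so the nameserver's own replies (sport 53) stay tracked; in the raw table the outbound side would be `chain => 'OUTPUT',`. As written, the rule instead exempts every inbound packet whose source port is 53 from connection tracking, and the source port is chosen by the sender, so the exemption is broader than the commit title suggests. Whether such untracked packets are then accepted depends on the filter-table rules, which are not visible here; it is worth confirming that they still require an explicit destination-port match rather than relying on conntrack state. The opening of the preceding rule and the rest of `class named` lie outside the hunk.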