From 3c6ef0ed45ca737116329e15aa2b7d9258373047 Mon Sep 17 00:00:00 2001
From: Peter Palfrader
Date: Mon, 21 Jan 2013 13:45:11 +0100
Subject: [PATCH] notrack diamon on unger
---
 modules/ferm/manifests/per-host.pp | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)
diff --git a/modules/ferm/manifests/per-host.pp b/modules/ferm/manifests/per-host.pp
index 7be941a52..0a9905cff 100644
--- a/modules/ferm/manifests/per-host.pp
+++ b/modules/ferm/manifests/per-host.pp
@@ -155,6 +155,22 @@ class ferm::per-host {
 rule => '&TCP_UDP_SERVICE(5080)'
 }
 }
+ unger: {
+ @ferm::rule { 'dsa-notrack-dns-diamond-in':
+ domain => 'ip',
+ description => 'NOTRACK for nameserver traffic',
+ table => 'raw',
+ chain => 'PREROUTING',
+ rule => 'destination 82.195.75.102 proto (tcp udp) dport 53 jump NOTRACK'
+ }
+ @ferm::rule { 'dsa-notrack-dns-diamond-out':
+ domain => 'ip',
+ description => 'NOTRACK for nameserver traffic',
+ table => 'raw',
+ chain => 'PREROUTING',
+ rule => 'source 82.195.75.102 proto (tcp udp) sport 53 jump NOTRACK'
+ }
+ }
 default: {}
 }
-- 
2.20.1
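Review bot: The `dsa-notrack-dns-diamond-out` rule matches on `source 82.195.75.102 ... sport 53` alone, so any packet reaching raw PREROUTING with that source address and port bypasses connection tracking regardless of the interface it arrived on. Consider pinning both rules to the expected ingress interface, e.g. `rule => 'interface <DIAMOND_IFACE> source 82.195.75.102 proto (tcp udp) sport 53 jump NOTRACK'` (the interface name is a placeholder). Untracked packets never match ESTABLISHED/RELATED accepts, so the filter table needs explicit address-and-port accepts for both directions; those are not visible in this hunk and should be confirmed. PREROUTING only sees the reply direction if unger forwards traffic for 82.195.75.102, so if that address is local to unger the second rule would belong in `chain => 'OUTPUT'`. Both rules also carry the same description, so a direction hint such as `description => 'NOTRACK for nameserver replies'` on the second would make generated rulesets easier to audit; the enclosing `case` and class begin outside the hunk.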