Add extra netnod servers to ferm

diff --git a/modules/ferm/templates/defs.conf.erb b/modules/ferm/templates/defs.conf.erb
index b6f3260..d4f8615 100644 (file)
--- a/modules/ferm/templates/defs.conf.erb
+++ b/modules/ferm/templates/defs.conf.erb
@@ -90,7 +90,8 @@
 @def $HOST_EASYDNS_V4 = (64.68.200.91);
 @def $HOST_RCODE0_V4 = (83.136.34.0/27);
 @def $HOST_RCODE0_V6 = (2A02:850:8::/47);
-@def $HOST_NETNOD_V4 = (192.71.80.0/24 192.36.144.222 192.36.144.218);
+@def $HOST_NETNOD_V4 = (192.71.80.0/24 192.36.144.222 192.36.144.218 194.146.105.24 194.146.105.25);
+@def $HOST_NETNOD_V6 = (2a01:3f0:0:27::24 2a01:3f0:0:28::25);
 
 <%
 def getfastlyranges()

diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 41cec9a..f731dff 100644 (file)
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -31,7 +31,7 @@ class named {
                @ferm::rule { '01-dsa-bind-6':
                        domain      => '(ip6)',
                        description => 'Allow nameserver access',
-                       rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V6 $HOST_NAGIOS_V6 $HOST_RCODE0_V6 2001:41c8:1000:21::21:21 ) )',
+                       rule        => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V6 $HOST_NAGIOS_V6 $HOST_RCODE0_V6 $HOST_NETNOD_V6 2001:41c8:1000:21::21:21 ) )',
                }
        } else {
                @ferm::rule { '01-dsa-bind':