@def $HOST_DNS_GEO_V4 = (<%= scope.function_filter_ipv4([rolehost['dns_geo']]).uniq.join(' ') %>);
@def $HOST_DNS_GEO_V6 = (<%= scope.function_filter_ipv6([rolehost['dns_geo']]).uniq.join(' ') %>);
-@def $HOST_EASYDNS_V4 = (64.68.200.91 205.210.42.80);
-@def $HOST_RCODE0_V4 = (83.136.34.0/27);
-@def $HOST_RCODE0_V6 = (2A02:850:8::/47);
-@def $HOST_NETNOD_V4 = (192.71.80.0/24 192.36.144.222 192.36.144.218 194.146.105.24 194.146.105.25);
-@def $HOST_NETNOD_V6 = (2a01:3f0:0:27::24 2a01:3f0:0:28::25);
+@def $HOST_EASYDNS = (64.68.200.91 205.210.42.80);
+@def $HOST_RCODE0 = (83.136.34.0/27 2A02:850:8::/47);
+@def $HOST_NETNOD = (192.71.80.0/24 192.36.144.222 192.36.144.218 194.146.105.24 194.146.105.25 2a01:3f0:0:27::24 2a01:3f0:0:28::25);
<%
def getfastlyranges()
include dnsextras::entries
@ferm::rule { '01-dsa-bind-4':
- domain => '(ip)',
+ domain => '(ip ip6)',
description => 'Allow nameserver access',
- rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V4 $HOST_NAGIOS_V4 $HOST_RCODE0_V4 $HOST_EASYDNS_V4 $HOST_NETNOD_V4 ) )',
- }
- @ferm::rule { '01-dsa-bind-6':
- domain => '(ip6)',
- description => 'Allow nameserver access',
- rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V6 $HOST_NAGIOS_V6 $HOST_RCODE0_V6 $HOST_NETNOD_V6 ) )',
+ rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO $HOST_NAGIOS $HOST_RCODE0 $HOST_EASYDNS $HOST_NETNOD ) )',
}
}
projects / mirror / dsa-puppet.git / commitdiff