Commit 1d1a46aa authored by mh's avatar mh

make it easier to override behaviour of the dns rules

parent 3df8cae2
# open dns port
class shorewall::rules::dns {
shorewall::rule {
'net-me-tcp_dns':
source => 'net',
destination => '$FW',
proto => 'tcp',
destinationport => '53',
order => 240,
action => 'ACCEPT';
'net-me-udp_dns':
source => 'net',
destination => '$FW',
proto => 'udp',
destinationport => '53',
order => 240,
action => 'ACCEPT';
}
shorewall::rules::dns_rules{
'net':
}
}
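Review bot: Moving the two `shorewall::rule` declarations out of this class and into the `shorewall::rules::dns_rules` define means they are no longer declared in the class's own scope. Any subclass outside this commit that still overrides `Shorewall::Rule['net-me-tcp_dns', 'net-me-udp_dns']` through inheritance would presumably stop compiling. The +/- markers are lost on this page, so this assumes the new side is the `shorewall::rules::dns_rules { 'net': }` declaration. The header comment could also say what is opened, e.g. `# accept DNS (tcp/udp 53) from the 'net' zone to the firewall itself`, so that including the class reads as a deliberate decision to expose a resolver to that zone.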
# disable dns acccess
class shorewall::rules::dns::disable inherits shorewall::rules::dns {
Shorewall::Rule['net-me-tcp_dns', 'net-me-udp_dns']{
action => 'DROP',
}
Shorewall::Rules::Dns_rules['net']{
action => 'DROP',
}
}
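Review bot: The override sets `action => 'DROP'` only on `Shorewall::Rules::Dns_rules['net']`, so a node that also declares `shorewall::rules::dns_rules` for another zone keeps ACCEPT there even with `shorewall::rules::dns::disable` included. The class name suggests DNS is disabled outright, so the scope should be stated in the comment, e.g. `# drop DNS from the 'net' zone only; other dns_rules instances are not affected`. The existing comment also has a typo (`acccess`). As in the parent class, this assumes the `Dns_rules['net']` override is the new side, since the markers are not visible here.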
# open dns port
define shorewall::rules::dns_rules(
$source = $name,
$action = 'ACCEPT',
) {
shorewall::rule {
"${source}-me-tcp_dns":
source => $source,
destination => '$FW',
proto => 'tcp',
destinationport => '53',
order => 240,
action => $action;
"${source}-me-udp_dns":
source => $source,
destination => '$FW',
proto => 'udp',
destinationport => '53',
order => 240,
action => $action;
}
}
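Review bot: The header comment `# open dns port` is copied from the class, but this define takes `$action` and is used with `'DROP'` by `shorewall::rules::dns::disable`, so the comment no longer describes it. A short doc comment would help: `$source` is the shorewall zone and defaults to the resource title, and `$action` defaults to `'ACCEPT'`, so a bare declaration opens tcp/udp 53 on `$FW` to that zone. Both parameters pass unchecked into the generated rules. It is worth noting in that comment that `$action` is expected to be a shorewall action such as `ACCEPT` or `DROP`, so a typo is caught in review rather than at firewall reload.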