this should virtually work

[dsa-puppet.git] / modules / named / manifests / init.pp

diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 0c75aebf07dc854b9db0d59cbd04e2365a0ce38c..65d4cc5f1ab40a0ae0a23be819bf99cac10d7196 100644 (file)
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -17,6 +17,19 @@ class named {
                         refreshonly => true,
                         ;
         }
+        file {
+                "/var/log/bind9":
+                        ensure  => directory,
+                        owner   => bind,
+                        group   => bind,
+                        mode    => 775,
+                        ;
+        }
+        @ferm::rule { "dsa-bind":
+                domain          => "(ip ip6)",
+                description     => "Allow nameserver access",
+                rule            => "proto (udp tcp) mod state state (NEW) dport (53) ACCEPT"
+        }
 }
 
 # vim: set fdm=marker ts=8 sw=8 et: