this should virtually work

[dsa-puppet.git] / modules / named / manifests / init.pp

diff --git a/modules/named/manifests/init.pp b/modules/named/manifests/init.pp
index 5d2e250df297d42cc33f42b4e8982c7b9ed352ca..65d4cc5f1ab40a0ae0a23be819bf99cac10d7196 100644 (file)
--- a/modules/named/manifests/init.pp
+++ b/modules/named/manifests/init.pp
@@ -25,6 +25,11 @@ class named {
                         mode    => 775,
                         ;
         }
+        @ferm::rule { "dsa-bind":
+                domain          => "(ip ip6)",
+                description     => "Allow nameserver access",
+                rule            => "proto (udp tcp) mod state state (NEW) dport (53) ACCEPT"
+        }
 }
 
 # vim: set fdm=marker ts=8 sw=8 et: