@def $HOST_EASYDNS_V4 = (64.68.200.91);
@def $HOST_RCODE0_V4 = (83.136.34.0/27);
@def $HOST_RCODE0_V6 = (2A02:850:8::/47);
+@def $HOST_NETNOD_V4 = (192.71.80.0/24 192.36.144.222 192.36.144.218);
@def $HOST_DEBIAN_V4 = (<%= scope.function_filter_ipv4([dbs]).uniq.join(' ') %>);
@def $HOST_DEBIAN_V6 = (<%= scope.function_filter_ipv6([dbs]).uniq.join(' ') %>);
@ferm::rule { '01-dsa-bind-4':
domain => '(ip)',
description => 'Allow nameserver access',
- rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V4 $HOST_NAGIOS_V4 $HOST_RCODE0_V4 $HOST_EASYDNS_V4 5.153.231.21 ) )',
+ rule => '&TCP_UDP_SERVICE_RANGE(53, ( $HOST_DNS_GEO_V4 $HOST_NAGIOS_V4 $HOST_RCODE0_V4 $HOST_EASYDNS_V4 $HOST_NETNOD_V4 5.153.231.21 ) )',
}
@ferm::rule { '01-dsa-bind-6':
domain => '(ip6)',
projects / dsa-puppet.git / commitdiff