[debian-lan-devel] [SCM] Debian-LAN development and packaging branch, master, updated. debian/0.12-5-g9e1e37c
Andreas B. Mundt
andi at debian.org
Fri Jul 19 07:45:28 UTC 2013
The following commit has been merged in the master branch:
commit 03e4e21e0ecfc9cbce5615b14ef8e312e2bae510
Author: Andreas B. Mundt <andi at debian.org>
Date: Fri Jul 19 08:55:25 2013 +0200
Improve gateway: DNS forwarding. Allow HTTP and NTP internet access.
Configure bind on the mainserver to use the gateway as forwarder.
diff --git a/fai/config/package_config/GATEWAY_A b/fai/config/package_config/GATEWAY_A
index bea7a61..3ece77a 100644
--- a/fai/config/package_config/GATEWAY_A
+++ b/fai/config/package_config/GATEWAY_A
@@ -1,4 +1,7 @@
PACKAGES aptitude
+bind9-host
+dnsmasq
+ntp
etckeeper
anacron
unattended-upgrades
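Review bot: `dnsmasq` is added to the gateway's package list, but no dnsmasq configuration is visible in this commit, so the resolver would presumably run with the package defaults and listen on every interface, including the internet-facing one. Exposure then depends entirely on the firewall policy for net → $FW, which is not shown in this diff. Consider shipping a small drop-in that pins the service to the internal side, e.g. `interface=<LOC_INTERFACE>` together with `bind-interfaces` (the interface name is a placeholder), so that a firewall mistake does not turn the gateway into an open resolver.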
diff --git a/fai/config/scripts/DNS_SERVER/30-forwarders b/fai/config/scripts/DNS_SERVER/30-forwarders
new file mode 100755
index 0000000..1ddc7ae
--- /dev/null
+++ b/fai/config/scripts/DNS_SERVER/30-forwarders
@@ -0,0 +1,10 @@
+#!/bin/bash
+#
+set -e
+
+if [ "$FAI_ACTION" = "install" ] || [ "$CONVERT" = "true" ] ; then
+ if [ "$MAINSERVER_IPADDR" != "$GATEWAY" ] ; then
+ ## Add gateway as DNS forwarder:
+ sed -i -e "/\/\/ forwarders {/i \ forwarders {${GATEWAY};};" $target/etc/bind/named.conf.options
+ fi
+fi
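Review bot: `${GATEWAY}` is spliced into the sed expression and from there into named.conf.options without any check, and `set -e` without `-u` lets an empty value through. If it is unset the script writes `forwarders {;};`, and bind will most likely refuse to load that options file. Add a guard such as `: "${GATEWAY:?GATEWAY is not set}"` before the sed call and quote the path as `"$target/etc/bind/named.conf.options"`. The insert is also not idempotent: the `// forwarders {` comment it matches stays in the file, so a rerun with `CONVERT=true` adds a second forwarders line. Prefixing the sed with `grep -q '^[[:space:]]*forwarders {' "$target/etc/bind/named.conf.options" ||` would skip it when an active entry already exists.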
diff --git a/fai/config/scripts/FIREWALL/10-config b/fai/config/scripts/FIREWALL/10-config
index 20a9940..678648d 100755
--- a/fai/config/scripts/FIREWALL/10-config
+++ b/fai/config/scripts/FIREWALL/10-config
@@ -63,7 +63,9 @@ elif [ "$HOSTNAME" = "gateway" ] ; then
# Limit ssh connections from everywhere
#
SSH(ACCEPT) all \$FW - - - - s:1/min:1
-
+HTTP(ACCEPT) \$FW net
+NTP(ACCEPT) \$FW net
+DNS(ACCEPT) loc \$FW
EOF
else
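Review bot: The new rules accept DNS from loc to the firewall, but no matching `DNS(ACCEPT) \$FW net` is added next to the HTTP and NTP lines. The explicit HTTP and NTP rules suggest that $FW → net traffic is not accepted by policy. If so, the forwarder on the gateway could not reach its upstream resolvers and lookups from the LAN would time out, unless a rule earlier in this heredoc already covers it. The heredoc and the surrounding `elif` branch start outside the hunk, so please confirm against the full rules file. A short comment above the three new lines saying which service needs each rule (apt over HTTP, ntpd, dnsmasq) would also make later audits of the rule set easier.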
--
Debian-LAN development and packaging