✨: add nsd role

roles/firewall/templates/firewall.j2

@@ -339,6 +339,53 @@ config redirect
 	option dest_port '64738'
 	option target 'DNAT'
 
+# Allow DNS traffic
+config rule
+	option name 'Allow-INPUT-DNS'
+	option src 'wan'
+	list proto 'tcp'
+	list proto 'udp'
+	option dest 'dmz'
+	option dest_ip '{{ hostvars['dns1.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
+	option dest_port '53'
+	option target 'ACCEPT'
+	option family 'ipv6'
+
+config redirect
+	option name 'Allow-INPUT-DNS'
+	option src 'wan'
+	option src_dport '53'
+	list proto 'tcp'
+	list proto 'udp'
+	option dest 'dmz'
+	option dest_ip '{{ hostvars['dns1.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option dest_port '53'
+	option target 'DNAT'
+
+config rule
+	option name 'Allow-OUTPUT-DNS'
+	option src 'dmz'
+	option src_ip '{{ hostvars['dns1.dmz.mateu.be']['ansible_default_ipv4']['address'] }}'
+	list proto 'tcp'
+	list proto 'udp'
+	option dest 'wan'
+	option dest_port '53'
+	option dest_ip '{{ hostvars['nsd-master1.ext.mateu.be']['ansible_default_ipv4']['address'] }}'
+	option target 'ACCEPT'
+	option family 'ipv4'
+
+config rule
+	option name 'Allow-OUTPUT-DNS'
+	option src 'dmz'
+	option src_ip '{{ hostvars['dns1.dmz.mateu.be']['ansible_default_ipv6']['address'] }}'
+	list proto 'tcp'
+	list proto 'udp'
+	option dest 'wan'
+	option dest_port '53'
+	option dest_ip '{{ hostvars['nsd-master1.ext.mateu.be']['ansible_default_ipv6']['address'] }}'
+	option target 'ACCEPT'
+	option family 'ipv6'
+
 # Allow mail traffic
 config rule
 	option name 'Allow-OUTPUT-SMTP'