class firewall::rules::out::dns (
  String $ipset = 'dns_resolver',
) {

  nftables::rule { 'default_out-dns_udp_53':
    content => "udp dport 53 ip daddr @${ipset} accept",
  }
  nftables::rule { 'default_out-dns_tcp_53':
    content => "tcp dport 53 ip daddr @${ipset} accept",
  }
}