- create classes for each class of in/out traffic - use hier_include to add firewall rules to each role
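# @summary Allow outbound DNS (UDP and TCP port 53) to the resolvers held in an
#   nftables set.
#
# Declares two nftables::rule resources, 'default_out-dns_udp_53' and
# 'default_out-dns_tcp_53', whose content accepts traffic to dport 53 when the
# IPv4 destination address is a member of the named set. Only the `ip` (IPv4)
# family is matched, so IPv6 resolvers are not covered by these rules. The set
# itself is not created here — it is assumed to be declared elsewhere and to be
# loaded before these rules reference it (confirm against the set's declaration).
# The 'default_out-' title prefix is presumably what the nftables module uses to
# place the rule in the default_out chain; verify against that module's docs.
#
# @param ipset
#   Name of the nftables set (without the leading '@') listing the permitted
#   resolver addresses. The value is interpolated verbatim into rule text, so it
#   is constrained to a plain nftables identifier (a letter followed by letters,
#   digits, '/', '\', '_' or '.'). An empty string or any other characters fail
#   at catalog compile time rather than yielding a rule that nft refuses to load
#   (which, for firewall config, can leave the host's ruleset in an undefined
#   state) or that smuggles extra rule text in through the set name.
class firewall::rules::out::dns (
  Pattern[/\A[A-Za-z][A-Za-z0-9\/\\_.]*\z/] $ipset = 'dns_resolver',
) {
  # Same match for both transports: DNS uses TCP as well as UDP (responses
  # too large for UDP, zone transfers; RFC 7766 requires TCP support), so
  # permitting only UDP would break resolution intermittently.
  ['udp', 'tcp'].each |String $proto| {
    nftables::rule { "default_out-dns_${proto}_53":
      content => "${proto} dport 53 ip daddr @${ipset} accept",
    }
  }
}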