# @summary Allow outbound DNS traffic to the resolvers held in a named nftables set.
#
# For every port in $ports this class declares one UDP and one TCP
# nftables::rule. Each rule accepts packets to that destination port when the
# IPv4 destination address is a member of the set referenced as @$ipset.
#
# @param ipset
#   Name of the nftables set used as `@<ipset>` in the rule text.
#   NOTE(review): the value is interpolated into the rule verbatim and is only
#   typed as String, so it should be fed from trusted data only. The set is
#   not declared in this class; presumably it is defined elsewhere - confirm.
# @param ports
#   Destination ports to allow for DNS, each opened for both UDP and TCP.
class firewall::rules::out::dns (
  String              $ipset = 'dns_resolver',
  Array[Stdlib::Port] $ports = [53],
) {
  $ports.each |$dns_port| {
    # DNS uses both transports, so the same rule is emitted once per protocol.
    ['udp', 'tcp'].each |$proto| {
      # `ip daddr` matches IPv4 destinations only; IPv6 resolvers are not
      # covered by these rules.
      # NOTE(review): the "default_out-" title prefix presumably selects the
      # chain the rule lands in - verify against the nftables module in use.
      nftables::rule { "default_out-dns_${proto}_${dns_port}":
        content => "${proto} dport ${dns_port} ip daddr @${ipset} accept",
      }
    }
  }
}