add nft rules for dns

pettai 2024-06-14 21:43:29 +02:00
parent 8c6cf419bf
commit e1987a3080
No known key found for this signature in database
GPG key ID: CDF2C381E9A751BD


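--- a/PATH_NOT_SHOWN
+++ b/PATH_NOT_SHOWN
@@ -91,4 +91,12 @@ class dns::knotdns(
 owner => 'knot_rest',
 group => 'knot_rest',
 }
+# NFT rules
+sunet::nftables::rule { 'dns-udp':
+rule => "add rule inet filter input udp dport 53 counter accept comment \"allow-dns-udp\""
+}
+sunet::nftables::rule { 'dns-tcp':
+rule => "add rule inet filter input tcp dport 53 counter accept comment \"allow-dns-tcp\""
+}
 }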
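Review bot: The two rules added for 'dns-udp' and 'dns-tcp' accept port 53 on the input chain from any source, with nothing in the class that narrows the client set; that is the expected exposure for an internet-facing authoritative server, but it is also the exact condition that makes a resolver an open resolver, so if this knotdns instance ever enables recursion, or only needs to answer a known set of secondaries and clients, the accept should carry a source match (`ip saddr { ... }` / `ip6 saddr { ... }` fed from a class parameter) or at least a comment recording that unrestricted 53 is intentional. Worth noting too that the hunk header says 12 new lines while only 7 added lines are shown, so a line (probably a blank one) seems to have been dropped by the rendering. On style, both `rule` strings are double-quoted only to carry escaped inner quotes; single-quoting them, e.g. `rule => 'add rule inet filter input udp dport 53 counter accept comment "allow-dns-udp"'`, removes the backslashes and reads more cleanly, and the same applies to the tcp rule. The enclosing class dns::knotdns begins outside the hunk.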