| -rw-r--r-- | puppet/modules/site_shorewall/manifests/eip.pp | 16 | 
1 files changed, 16 insertions, 0 deletions
|
diff --git a/puppet/modules/site_shorewall/manifests/eip.pp b/puppet/modules/site_shorewall/manifests/eip.pp
index 7109b770..13f831b6 100644
--- a/puppet/modules/site_shorewall/manifests/eip.pp
+++ b/puppet/modules/site_shorewall/manifests/eip.pp
@@ -68,6 +68,22 @@ class site_shorewall::eip {
       destination => '$FW',
       action      => 'leap_eip(ACCEPT)',
       order       => 200;
+
+    'block_eip_dns_udp':
+      action          => 'REJECT',
+      source          => 'eip',
+      destination     => 'net',
+      protocol        => 'udp',
+      destinationport => 'domain',
+      order           => 300;
+
+    'block_eip_dns_tcp':
+      action          => 'REJECT',
+      source          => 'eip',
+      destination     => 'net',
+      protocol        => 'tcp',
+      destinationport => 'domain',
+      order           => 301;
   }
   # create dnat rule for each port
|
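Review bot: The new `block_eip_dns_udp` and `block_eip_dns_tcp` rules carry no comment saying why DNS from the `eip` zone to `net` is refused, so a later maintainer cannot tell a leak-prevention control from an arbitrary restriction. A line above them such as `# VPN clients must resolve via the gateway; refuse direct DNS to the internet` would record the intent, which is inferred here and should be confirmed. Shorewall applies the first matching rule, so any eip-to-net ACCEPT with an order below 300 would shadow these two; the resource block starts outside this hunk, so that cannot be checked from here. The rules match only port `domain`, so name resolution over other ports is not covered, which the comment should state as a known limit.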
