gluon-firewall: reject DNS queries from br-client (they should be accepted on local-node only)

2014-07-05 15:56:22 +02:00 · 2014-07-05 15:56:22 +02:00 · f6a51c63e4
commit f6a51c63e4
parent ffd86668fe
1 changed files with 11 additions and 0 deletions
--- a/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
+++ b/package/gluon-firewall/files/lib/gluon/upgrade/firewall/invariant/011-firewall-rules
@ -26,5 +26,16 @@ c:section('firewall', 'rule', 'wan_ssh',
 	  }
 )

+
+c:section('firewall', 'rule', 'client_dns',
+	  {
+		  name = 'client_dns',
+		  src = 'client',
+		  dest_port = '53',
+		  target = 'REJECT',
+	  }
+)
+
+
 c:save('firewall')
 c:commit('firewall')