fix: block pod to wireserver port 80 traffic on windows multitenancy (#…

…2515) Add endpoint policy to block wireserver traffic on windows
Azure · Feb 8, 2024 · a1bf7bf · a1bf7bf
1 parent f97eb96
commit a1bf7bf
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/cni/azure-windows-multitenancy.conflist b/cni/azure-windows-multitenancy.conflist
@@ -42,6 +42,19 @@
                         "DestinationPrefix": "10.0.0.0/8",
                         "NeedEncap": true
                     }
+                },
+                {
+                    "Name": "EndpointPolicy",
+                    "Value": {
+                        "Type": "ACL",
+                        "Protocols": "6",
+                        "Action": "Block",
+                        "Direction": "Out",
+                        "RemoteAddresses": "168.63.129.16",
+                        "RemotePorts": "80",
+                        "Priority": 200,
+                        "RuleType": "Switch"
+                    }
                 }
             ],
              "windowsSettings": {