fix: block pod to wireserver port 80 traffic on windows multitenancy (#2515)

QxBytes · web-flow · commit a1bf7bfb715c · 2024-02-08T16:37:30.000Z
Add endpoint policy to block wireserver traffic on windows
diff --git a/cni/azure-windows-multitenancy.conflist b/cni/azure-windows-multitenancy.conflist
@@ -42,6 +42,19 @@
                         "DestinationPrefix": "10.0.0.0/8",
                         "NeedEncap": true
                     }
+                },
+                {
+                    "Name": "EndpointPolicy",
+                    "Value": {
+                        "Type": "ACL",
+                        "Protocols": "6",
+                        "Action": "Block",
+                        "Direction": "Out",
+                        "RemoteAddresses": "168.63.129.16",
+                        "RemotePorts": "80",
+                        "Priority": 200,
+                        "RuleType": "Switch"
+                    }
                 }
             ],
              "windowsSettings": {
