9.1.8.2. Information Flow Enforcement
The named module explicitly opens TCP and UDP ports 53 for the DNS by
using IPTables rules. The connecting source IPs are limited to the value of
$simp_options::trusted_nets
which for most installs is the local network.
References: AC-4 : INFORMATION FLOW ENFORCEMENT