/manifests/rules/llmnr.pp - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / manifests / rules / llmnr.pp @ 02d6e88a

Historique | Voir | Annoter | Télécharger (939 octets)

1	3b26826f	Tim Meusel	#
2			# @summary allow incoming Link-Local Multicast Name Resolution
3			#
4			# @param ipv4 Allow LLMNR over IPv4
5			# @param ipv6 Allow LLMNR over IPv6
6	1ef7d5c4	Tim Meusel	# @param iifname optional list of incoming interfaces to filter on
7			#
8			# @author Tim Meusel <tim@bastelfreak.de>
9	3b26826f	Tim Meusel	#
10			# @see https://datatracker.ietf.org/doc/html/rfc4795
11			#
12			class nftables::rules::llmnr (
13			Boolean $ipv4 = true,
14			Boolean $ipv6 = true,
15	1ef7d5c4	Tim Meusel	Array[String[1]] $iifname = [],
16	3b26826f	Tim Meusel	) {
17	1ef7d5c4	Tim Meusel	if empty($iifname) {
18			$_iifname = ''
19			} else {
20			$iifdata = $iifname.map \|String[1] $interface\| { "\"${interface}\"" }.join(', ')
21			$_iifname = "iifname { ${iifdata} } "
22			}
23	3b26826f	Tim Meusel	if $ipv4 {
24			nftables::rule { 'default_in-llmnr_v4':
25	1ef7d5c4	Tim Meusel	content => "${_iifname}ip daddr 224.0.0.252 udp dport 5355 accept comment \"allow LLMNR\"",
26	3b26826f	Tim Meusel	}
27			}
28			if $ipv6 {
29			nftables::rule { 'default_in-llmnr_v6':
30	1ef7d5c4	Tim Meusel	content => "${_iifname}ip6 daddr ff02::1:3 udp dport 5355 accept comment \"allow LLMNR\"",
31	3b26826f	Tim Meusel	}
32			}
33			}