Projet

Général

Profil

Révision 09b07e56

ID09b07e569da1dbb61d09b3d35ca668ca82830c6e
Parent 6739966c
Enfant f1ef02c5

Ajouté par Nacho Barrientos il y a plus de 4 ans

Encapsulate port-related exprs in Nftables::Port

Voir les différences:

manifests/simplerule.pp
61 61 
  String $table = 'inet-filter',
62 62 
  Enum['accept', 'continue', 'drop', 'queue', 'return'] $action = 'accept',
63 63 
  Optional[String] $comment = undef,
64 
  Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, Pattern[/\d+-\d+/]]] $dport = undef,
64 
  Optional[Nftables::Port] $dport = undef,
65 65 
  Optional[Enum['tcp', 'tcp4', 'tcp6', 'udp', 'udp4', 'udp6']] $proto = undef,
66 66 
  Optional[Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Pattern[/^@[-a-zA-Z0-9_]+$/]]] $daddr = undef,
67 67 
  Enum['ip', 'ip6'] $set_type = 'ip6',
68 
  Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, Pattern[/\d+-\d+/]]] $sport = undef,
68 
  Optional[Nftables::Port] $sport = undef,
69 69 
  Optional[Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Pattern[/^@[-a-zA-Z0-9_]+$/]]] $saddr = undef,
70 70 
  Boolean $counter = false,
71 71 
) {
spec/type_aliases/nftables_port_spec.rb
1 
require 'spec_helper'
2 

  		




  
  3
  
    
describe 'Nftables::Port' do


  		




  
  4
  
    
  it { is_expected.to allow_value(53) }


  		




  
  5
  
    
  it { is_expected.to allow_value([1, 1985, 65_535]) }


  		




  
  6
  
    
  it { is_expected.to allow_value('53-55') }


  		




  
  7
  
    
  it { is_expected.not_to allow_value('53') }


  		




  
  8
  
    
  it { is_expected.not_to allow_value([]) }


  		




  
  9
  
    
end


  		












  

    
      templates/simplerule.epp
    
  





  2
  2
  
    
      Optional[String]        $comment,


  		




  3
  3
  
    
      Boolean                 $counter,


  		




  4
  4
  
    
      Optional[Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Pattern[/^@[-a-zA-Z0-9_]+$/]]] $daddr,


  		




  5
  
  
    
      Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, String]] $dport,


  		




  
  5
  
    
      Optional[Nftables::Port] $dport,


  		




  6
  6
  
    
      Optional[String]        $proto,


  		




  7
  7
  
    
      Optional[Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Pattern[/^@[-a-zA-Z0-9_]+$/]]] $saddr,


  		




  8
  8
  
    
      Enum['ip', 'ip6']       $set_type,


  		




  9
  
  
    
      Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, String]] $sport,


  		




  
  9
  
    
      Optional[Nftables::Port] $sport,


  		




  10
  10
  
    
| -%>


  		




  11
  11
  
    
<%- if $proto {


  		




  12
  12
  
    
  $_proto = $proto ? {


  		












  

    
      types/port.pp
    
  





  
  1
  
    
# @summary


  		




  
  2
  
    
#   Represents a port expression to be used within a rule.


  		




  
  3
  
    
type Nftables::Port = Variant[


  		




  
  4
  
    
  Array[Stdlib::Port, 1],


  		




  
  5
  
    
  Stdlib::Port,


  		




  
  6
  
    
  Nftables::Port::Range,


  		




  
  7
  
    
]


  		












  

    
      types/port/range.pp
    
  





  
  1
  
    
# @summary


  		




  
  2
  
    
#   Represents a port range expression to be used within a rule.


  		




  
  3
  
    
type Nftables::Port::Range = Pattern[/^\d+-\d+$/]


  		












Formats disponibles :  Unified diff