root / manifests / chain_file.pp @ 0ba57c66
Historique | Voir | Annoter | Télécharger (776 octets)
| 1 | 0ba57c66 | mh | # manage a chain file |
|---|---|---|---|
| 2 | # chain must be: |
||
| 3 | # TABLE@chain_name |
||
| 4 | define nftables::chain_file( |
||
| 5 | Pattern[/^[a-z0-9]+@[a-z0-9_]+$/] $chain = $title, |
||
| 6 | ){
|
||
| 7 | $data = split($chain,'@') |
||
| 8 | $concat_name = "nftables-chain-${data[0]}-${data[1]}"
|
||
| 9 | concat{
|
||
| 10 | $concat_name: |
||
| 11 | path => "/etc/nftables/puppet/${data[0]}-chains-${data[1]}.nft",
|
||
| 12 | owner => root, |
||
| 13 | group => root, |
||
| 14 | mode => '0644', |
||
| 15 | ensure_newline => true, |
||
| 16 | require => Package['nftables'], |
||
| 17 | notify => Service['nftables'], |
||
| 18 | } |
||
| 19 | concat::fragment{
|
||
| 20 | default: |
||
| 21 | target => $concat_name; |
||
| 22 | "${chain}-header":
|
||
| 23 | order => '00', |
||
| 24 | content => "chain ${data[1]} {";
|
||
| 25 | "${chain}-footer":
|
||
| 26 | order => '99', |
||
| 27 | content => '}'; |
||
| 28 | } |
||
| 29 | } |