root / manifests / rules / snat4.pp @ 11bf7237

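# @summary Manage an IPv4 SNAT rule in the `ip-nat` table.
#
# Builds the rule text from the optional match parameters and hands it to
# nftables::rule as "<oifname><saddr><protocol><port>snat <snat>".
#
# @param snat
#   Text placed after the `snat` keyword in the rule. Required.
# @param rulename
#   Second half of the nftables::rule title ("<chain>-<rulename>").
#   Letters, digits and underscore only; defaults to the resource title.
# @param order
#   Two-digit string passed through as the rule's order.
# @param chain
#   First half of the nftables::rule title.
# @param oif
#   When set, the rule starts with `oifname <oif>`.
# @param saddr
#   When set, the rule matches `ip saddr <saddr>`.
# @param proto
#   `tcp` or `udp`.
# @param dport
#   Destination port match. If $proto is not given, tcp is used.
# @param ensure
#   Passed through to nftables::rule.
#
# NOTE(review): $snat, $oif, $saddr and a String $dport are only checked for
# type (and, apart from $dport, for being non-empty) and are interpolated
# verbatim into the rule content; $chain goes into the resource title the same
# way. If these values can come from Hiera or other data that is less trusted
# than the manifest itself, consider narrower types (address / interface-name
# patterns) so a value cannot smuggle extra rule text.
define nftables::rules::snat4 (
  String[1]
  $snat,
  # \A and \z anchor the whole string. Puppet patterns are Ruby regexes, where
  # ^ and $ match at every line boundary, so the previous /^...$/ form accepted
  # a multi-line value as long as one of its lines matched.
  Pattern[/\A[a-zA-Z0-9_]+\z/]
  $rulename = $title,
  Pattern[/\A\d\d\z/]
  $order = '70',
  String[1]
  $chain = 'POSTROUTING',
  Optional[String[1]]
  $oif = undef,
  Optional[String[1]]
  $saddr = undef,
  Optional[Enum['tcp','udp']]
  $proto = undef,
  Optional[Variant[String,Integer[1,65535]]]
  $dport = undef,
  Enum['present','absent']
  $ensure = 'present',
) {
  # Each fragment carries its own trailing space so the pieces can be
  # concatenated directly; an unset parameter contributes nothing.
  $oifname = $oif ? {
    undef   => '',
    default => "oifname ${oif} ",
  }
  $src = $saddr ? {
    undef   => '',
    default => "ip saddr ${saddr} ",
  }

  if $proto and $dport {
    $protocol = ''
    $port     = "${proto} dport ${dport} "
  } elsif $proto {
    # NOTE(review): this emits a bare "tcp " / "udp " in front of `snat`;
    # confirm that is a valid protocol match for the nft version in use.
    $protocol = "${proto} "
    $port     = ''
  } elsif $dport {
    # A port without a protocol falls back to tcp.
    $protocol = ''
    $port     = "tcp dport ${dport} "
  } else {
    $protocol = ''
    $port     = ''
  }

  nftables::rule {
    "${chain}-${rulename}":
      ensure  => $ensure,
      table   => 'ip-nat',
      order   => $order,
      content => "${oifname}${src}${protocol}${port}snat ${snat}";
  }
}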