Projet

Général

Profil

Révision 11bf7237

ID11bf7237333a685ccc629e0b2536a34c79a4e217
Parent 78f22811
Enfant b09d43bf

Ajouté par Steve Traylen il y a plus de 4 ans

lint_fix results

Voir les différences:

manifests/chain.pp
1 1 
# manage a chain
2 
define nftables::chain(
2 
define nftables::chain (
3 3 
  Pattern[/^(ip|ip6|inet)-[a-zA-Z0-9_]+$/]
4 
    $table = 'inet-filter',
4 
  $table = 'inet-filter',
5 5 
  Pattern[/^[a-zA-Z0-9_]+$/]
6 
    $chain = $title,
6 
  $chain = $title,
7 7 
  Optional[Pattern[/^\d\d-[a-zA-Z0-9_]+$/]]
8 
    $inject = undef,
8 
  $inject = undef,
9 9 
  Optional[String]
10 
    $inject_iif = undef,
10 
  $inject_iif = undef,
11 11 
  Optional[String]
12 
    $inject_oif = undef,
13 
){
12 
  $inject_oif = undef,
13 
) {
14 14 
  $concat_name = "nftables-${table}-chain-${chain}"
15 15 

  		




  16
  
  
    
  concat{


  		




  
  16
  
    
  concat {


  		




  17
  17
  
    
    $concat_name:


  		




  18
  18
  
    
      path           => "/etc/nftables/puppet-preflight/${table}-chain-${chain}.nft",


  		




  19
  19
  
    
      owner          => root,


  		




  ......




  21
  21
  
    
      mode           => '0640',


  		




  22
  22
  
    
      ensure_newline => true,


  		




  23
  23
  
    
      require        => Package['nftables'],


  		




  24
  
  
    
  } ~> Exec['nft validate'] -> file{


  		




  
  24
  
    
  } ~> Exec['nft validate'] -> file {


  		




  25
  25
  
    
    "/etc/nftables/puppet/${table}-chain-${chain}.nft":


  		




  26
  
  
    
    ensure => file,


  		




  27
  
  
    
    source => "/etc/nftables/puppet-preflight/${table}-chain-${chain}.nft",


  		




  28
  
  
    
    owner  => root,


  		




  29
  
  
    
    group  => root,


  		




  30
  
  
    
    mode   => '0640',


  		




  
  26
  
    
      ensure => file,


  		




  
  27
  
    
      source => "/etc/nftables/puppet-preflight/${table}-chain-${chain}.nft",


  		




  
  28
  
    
      owner  => root,


  		




  
  29
  
    
      group  => root,


  		




  
  30
  
    
      mode   => '0640',


  		




  31
  31
  
    
  } ~> Service['nftables']


  		




  32
  32
  
    

  		




  33
  
  
    
  concat::fragment{


  		




  
  33
  
    
  concat::fragment {


  		




  34
  34
  
    
    default:


  		




  35
  35
  
    
      target => $concat_name;


  		




  36
  36
  
    
    "${concat_name}-header":


  		




  ......




  51
  51
  
    
      undef => '',


  		




  52
  52
  
    
      default => "oifname ${inject_oif} ",


  		




  53
  53
  
    
    }


  		




  54
  
  
    
    nftables::rule{ "${data[1]}-jump_${chain}":


  		




  
  54
  
    
    nftables::rule { "${data[1]}-jump_${chain}":


  		




  55
  55
  
    
      order   => $data[0],


  		




  56
  56
  
    
      content => "${iif}${oif}jump ${chain}",


  		




  57
  57
  
    
    }


  		












Formats disponibles :  Unified diff