
root / manifests / rules / dnat4.pp @ 11bf7237

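# @summary Manage an IPv4 DNAT rule.
#
# Declares two nftables::rule resources that share $ensure and $order:
#   * "${chain}-${rulename}"   - accepts traffic to $daddr on the filter port
#   * "PREROUTING-${rulename}" - in table 'ip-nat', rewrites the destination
#                                to $daddr (and to $dport when one is given)
#
# NOTE(review): $iif, $chain and String values of $port/$dport are interpolated
# verbatim into the generated rule text; their data types do not restrict
# whitespace or nft syntax characters. Feed them only from reviewed data and
# consider narrower types if all callers are known.
# NOTE(review): the $daddr pattern checks only the dotted-quad shape; it still
# accepts octets above 255 (for example 299), so it is not full IPv4 validation.
#
# @param daddr
#   IPv4 address matched by the accept rule and used as the DNAT target.
# @param port
#   Destination port matched by the PREROUTING rule. Also used by the accept
#   rule when no $dport is set.
# @param rulename
#   Suffix of both rule titles; defaults to the resource title.
# @param order
#   Two-digit string passed to nftables::rule as `order`.
# @param chain
#   Prefix of the accept rule's title.
# @param iif
#   When set, both rules are prefixed with `iifname <iif>`.
# @param proto
#   Layer-4 protocol to match, 'tcp' or 'udp'.
# @param dport
#   Port on $daddr to translate to. '' or undef keeps $port unchanged.
# @param ensure
#   Whether the rules should be 'present' or 'absent'.
define nftables::rules::dnat4 (
  Pattern[/^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/] $daddr,
  Variant[String,Integer[1,65535]]                                    $port,
  Pattern[/^[a-zA-Z0-9_]+$/]                                          $rulename = $title,
  Pattern[/^\d\d$/]                                                   $order    = '50',
  String[1]                                                           $chain    = 'default_fwd',
  Optional[String[1]]                                                 $iif      = undef,
  Enum['tcp','udp']                                                   $proto    = 'tcp',
  Optional[Variant[String,Integer[1,65535]]]                          $dport    = '',
  Enum['present','absent']                                            $ensure   = 'present',
) {
  # Optional input-interface match, with a trailing space so it can be
  # prepended directly to the rule text.
  $iifname = $iif ? {
    undef   => '',
    default => "iifname ${iif} ",
  }

  # Optional[] lets callers pass undef as well as the '' default. Both mean
  # "no port translation"; without the undef case the rules would be rendered
  # with an empty dport and a dangling ':' after the DNAT address.
  $filter_port = $dport ? {
    undef   => $port,
    ''      => $port,
    default => $dport,
  }
  $nat_port = $dport ? {
    undef   => '',
    ''      => '',
    default => ":${dport}",
  }

  nftables::rule {
    default:
      ensure => $ensure,
      order  => $order;
    # The accept rule filters on the translated port ($dport) when one is
    # set, otherwise on the original $port.
    "${chain}-${rulename}":
      content => "${iifname}ip daddr ${daddr} ${proto} dport ${filter_port} accept";
    # The DNAT rule matches the original destination port.
    "PREROUTING-${rulename}":
      table   => 'ip-nat',
      content => "${iifname}${proto} dport ${port} dnat to ${daddr}${nat_port}";
  }
}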