root / manifests / rules / mdns.pp @ 16fd95b1
Historique | Voir | Annoter | Télécharger (760 octets)
| 1 |
# |
|---|---|
| 2 |
# @summary allow incoming multicast DNS |
| 3 |
# |
| 4 |
# @param ipv4 |
| 5 |
# Allow mdns over IPv4 |
| 6 |
# @param ipv6 |
| 7 |
# Allow mdns over IPv6 |
| 8 |
# @param iifname name for incoming interfaces to filter |
| 9 |
# |
| 10 |
class nftables::rules::mdns ( |
| 11 |
Boolean $ipv4 = true, |
| 12 |
Boolean $ipv6 = true, |
| 13 |
Array[String[1]] $iifname = [], |
| 14 |
) {
|
| 15 |
if empty($iifname) {
|
| 16 |
$_iifname = '' |
| 17 |
} else {
|
| 18 |
$iifdata = $iifname.map |String[1] $interface| { "\"${interface}\"" }.join(', ')
|
| 19 |
$_iifname = "iifname { ${iifdata} } "
|
| 20 |
} |
| 21 |
if $ipv4 {
|
| 22 |
nftables::rule { 'default_in-mdns_v4':
|
| 23 |
content => "${_iifname}ip daddr 224.0.0.251 udp dport 5353 accept",
|
| 24 |
} |
| 25 |
} |
| 26 |
if $ipv6 {
|
| 27 |
nftables::rule { 'default_in-mdns_v6':
|
| 28 |
content => "${_iifname}ip6 daddr ff02::fb udp dport 5353 accept",
|
| 29 |
} |
| 30 |
} |
| 31 |
} |