root / manifests / rules / llmnr.pp @ 1ef7d5c4
Historique | Voir | Annoter | Télécharger (939 octets)
| 1 | 3b26826f | Tim Meusel | # |
|---|---|---|---|
| 2 | # @summary allow incoming Link-Local Multicast Name Resolution |
||
| 3 | # |
||
| 4 | # @param ipv4 Allow LLMNR over IPv4 |
||
| 5 | # @param ipv6 Allow LLMNR over IPv6 |
||
| 6 | 1ef7d5c4 | Tim Meusel | # @param iifname optional list of incoming interfaces to filter on |
| 7 | # |
||
| 8 | # @author Tim Meusel <tim@bastelfreak.de> |
||
| 9 | 3b26826f | Tim Meusel | # |
| 10 | # @see https://datatracker.ietf.org/doc/html/rfc4795 |
||
| 11 | # |
||
| 12 | class nftables::rules::llmnr ( |
||
| 13 | Boolean $ipv4 = true, |
||
| 14 | Boolean $ipv6 = true, |
||
| 15 | 1ef7d5c4 | Tim Meusel | Array[String[1]] $iifname = [], |
| 16 | 3b26826f | Tim Meusel | ) {
|
| 17 | 1ef7d5c4 | Tim Meusel | if empty($iifname) {
|
| 18 | $_iifname = '' |
||
| 19 | } else {
|
||
| 20 | $iifdata = $iifname.map |String[1] $interface| { "\"${interface}\"" }.join(', ')
|
||
| 21 | $_iifname = "iifname { ${iifdata} } "
|
||
| 22 | } |
||
| 23 | 3b26826f | Tim Meusel | if $ipv4 {
|
| 24 | nftables::rule { 'default_in-llmnr_v4':
|
||
| 25 | 1ef7d5c4 | Tim Meusel | content => "${_iifname}ip daddr 224.0.0.252 udp dport 5355 accept comment \"allow LLMNR\"",
|
| 26 | 3b26826f | Tim Meusel | } |
| 27 | } |
||
| 28 | if $ipv6 {
|
||
| 29 | nftables::rule { 'default_in-llmnr_v6':
|
||
| 30 | 1ef7d5c4 | Tim Meusel | content => "${_iifname}ip6 daddr ff02::1:3 udp dport 5355 accept comment \"allow LLMNR\"",
|
| 31 | 3b26826f | Tim Meusel | } |
| 32 | } |
||
| 33 | } |