
root / manifests / rules / dns.pp @ 2ad7193b


# @summary Accept DNS traffic over TCP and UDP
#
# Declares two nftables::rule resources, 'default_in-dns_tcp' and
# 'default_in-dns_udp', each accepting the configured destination ports.
# NOTE(review): the 'default_in-' prefix presumably places the rules in the
# default input chain; confirm against nftables::rule.
#
# @param ports
#   Destination ports to accept for both protocols. Defaults to 53.
# @param iifname
#   Input interface names to restrict the rules to. When left unset, no
#   interface match is emitted, so the ports are accepted regardless of the
#   interface the packet arrived on. The names are written into the rule text
#   verbatim; the data type only requires non-empty strings, so supply values
#   from trusted data only.
#
# @example Allow access to stub dns resolver from docker containers
#   class { 'nftables::rules::dns':
#     iifname => ['docker0'],
#   }
#
class nftables::rules::dns (
  Array[Stdlib::Port,1] $ports = [53],
  Optional[Array[String[1],1]] $iifname = undef,
) {
  # Optional interface match, including its trailing space so it can be
  # prepended directly to the protocol match below.
  if $iifname =~ Undef {
    $_iifname = ''
  } else {
    $_ifaces = join($iifname, ', ')
    $_iifname = "iifname {${_ifaces}} "
  }

  # Comma-separated port list shared by the TCP and UDP rules.
  $_dports = join($ports, ', ')

  nftables::rule { 'default_in-dns_tcp':
    content => "${_iifname}tcp dport {${_dports}} accept",
  }

  nftables::rule { 'default_in-dns_udp':
    content => "${_iifname}udp dport {${_dports}} accept",
  }
}