/templates/simplerule.epp - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / templates / simplerule.epp @ 2ad7193b

Historique | Voir | Annoter | Télécharger (2,61 ko)

1	55277023	Nacho Barrientos	<%- \| String $action,
2			Optional[String] $comment,
3			Boolean $counter,
4	f1ef02c5	Nacho Barrientos	Optional[Nftables::Addr] $daddr,
5	09b07e56	Nacho Barrientos	Optional[Nftables::Port] $dport,
6	55277023	Nacho Barrientos	Optional[String] $proto,
7	f1ef02c5	Nacho Barrientos	Optional[Nftables::Addr] $saddr,
8	42e7f3ea	Nacho Barrientos	String $set_type,
9	09b07e56	Nacho Barrientos	Optional[Nftables::Port] $sport,
10	e846c98b	Tim Meusel	Array[String[1]] $iifname,
11			Array[String[1]] $oifname,
12	83382bb5	Nacho Barrientos	\| -%>
13	316bc3f8	Nacho Barrientos	<%- if $proto {
14			$_proto = $proto ? {
15			/tcp(4\|6)?/ => 'tcp',
16			/udp(4\|6)?/ => 'udp',
17			}
18			$_ip_version_filter = $proto ? {
19			/(tcp4\|udp4)/ => 'ip version 4',
20	1d56f209	Nacho Barrientos	/(tcp6\|udp6)/ => 'ip6 version 6',
21	316bc3f8	Nacho Barrientos	default => undef,
22			}
23			} else {
24			$_ip_version_filter = undef
25			} -%>
26	aaa37172	Nacho Barrientos	<%- if $daddr {
27	9d02e9f8	Stéphanie Jaumotte	$_daddr = ($daddr =~ Array) ? {
28			true => "{${$daddr.join(', ')}}",
29			default => $daddr,
30			}
31			if $daddr =~ Stdlib::IP::Address::V6 or $daddr =~ Array[Stdlib::IP::Address::V6] {
32			$_daddr_type = 'ip6'
33			} elsif $daddr =~ Stdlib::IP::Address::V4 or $daddr =~ Array[Stdlib::IP::Address::V4] {
34			$_daddr_type = 'ip'
35	aaa37172	Nacho Barrientos	} else {
36	9d02e9f8	Stéphanie Jaumotte	$_daddr_type = $set_type # ip or ip6
37	aaa37172	Nacho Barrientos	}
38	9d02e9f8	Stéphanie Jaumotte	$_dst_hosts = "${_daddr_type} daddr ${_daddr}"
39	aaa37172	Nacho Barrientos	} else {
40			$_dst_hosts = undef
41			} -%>
42	3a469f2b	Nacho Barrientos	<%- if $saddr {
43	9d02e9f8	Stéphanie Jaumotte	$_saddr = ($saddr =~ Array) ? {
44			true => "{${$saddr.join(', ')}}",
45			default => $saddr,
46			}
47			if $saddr =~ Stdlib::IP::Address::V6 or $saddr =~ Array[Stdlib::IP::Address::V6] {
48			$_saddr_type = 'ip6'
49			} elsif $saddr =~ Stdlib::IP::Address::V4 or $saddr =~ Array[Stdlib::IP::Address::V4] {
50			$_saddr_type = 'ip'
51	3a469f2b	Nacho Barrientos	} else {
52	9d02e9f8	Stéphanie Jaumotte	$_saddr_type = $set_type # ip or ip6
53	3a469f2b	Nacho Barrientos	}
54	9d02e9f8	Stéphanie Jaumotte	$_src_hosts = "${_saddr_type} saddr ${_saddr}"
55	3a469f2b	Nacho Barrientos	} else {
56			$_src_hosts = undef
57			} -%>
58	3a52fb41	Nacho Barrientos	<%- if $proto and $dport {
59	6793d286	Nacho Barrientos	$_dst_port = "${_proto} dport {${Array($dport, true).join(', ')}}"
60	83382bb5	Nacho Barrientos	} else {
61	aaa37172	Nacho Barrientos	$_dst_port = undef
62	83382bb5	Nacho Barrientos	} -%>
63			<%- if $comment {
64			$_comment = "comment \"${comment}\""
65			} else {
66			$_comment = undef
67			} -%>
68	77abc10b	Nacho Barrientos	<%- if $proto and $sport {
69			$_src_port = "${_proto} sport {${Array($sport, true).join(', ')}}"
70			} else {
71			$_src_port = undef
72			} -%>
73	d43ced4d	Nacho Barrientos	<%- if $counter {
74			$_counter = "counter"
75			} else {
76			$_counter = undef
77			} -%>
78	e846c98b	Tim Meusel	<%- if empty($iifname) {
79	25b3f3f4	Tim Meusel	$_iifname = undef
80	d7d6d5d3	Tim Meusel	} else {
81	e846c98b	Tim Meusel	$iifdata = $iifname.map \|String[1] $interface\| { "\"${interface}\"" }.join(', ')
82			$_iifname = "iifname { ${iifdata} }"
83			} -%>
84			<%- if empty($oifname) {
85	d7d6d5d3	Tim Meusel	$_oifname = undef
86	e846c98b	Tim Meusel	} else {
87			$oifdata = $oifname.map \|String[1] $interface\| { "\"${interface}\"" }.join(', ')
88			$_oifname = "oifname { ${oifdata} }"
89	d7d6d5d3	Tim Meusel	} -%>
90			<%= regsubst(strip([$_ip_version_filter, $_iifname, $_oifname, $_src_port, $_dst_port, $_src_hosts, $_dst_hosts, $_counter, $action, $_comment].join(' ')), '\s+', ' ', 'G') -%>

Projet

Général

Profil

puppet nftables

root / templates / simplerule.epp @ 2ad7193b