Projet

Général

Profil

Révision 2b1896c1

ID2b1896c16a0428fa9477a0f9de29b21fca7b384f
Parent f1c87156
Enfant 45ad24ff

Ajouté par Tim Meusel il y a presque 3 ans

Add rule to allow outgoing whois queries

Voir les différences:

REFERENCE.md
59 59 
* [`nftables::rules::out::ssh`](#nftablesrulesoutssh): manage out ssh
60 60 
* [`nftables::rules::out::ssh::remove`](#nftablesrulesoutsshremove): disable outgoing ssh
61 61 
* [`nftables::rules::out::tor`](#nftablesrulesouttor): manage out tor
62 
* [`nftables::rules::out::whois`](#nftablesrulesoutwhois): allow clients to query remote whois server
62 63 
* [`nftables::rules::out::wireguard`](#nftablesrulesoutwireguard): manage out wireguard
63 64 
* [`nftables::rules::puppet`](#nftablesrulespuppet): manage in puppet
64 65 
* [`nftables::rules::pxp_agent`](#nftablesrulespxp_agent): manage in pxp-agent
......
879 880 

  		




  880
  881
  
    
manage out tor


  		




  881
  882
  
    

  		




  
  883
  
    
### <a name="nftablesrulesoutwhois"></a>`nftables::rules::out::whois`


  		




  
  884
  
    

  		




  
  885
  
    
allow clients to query remote whois server


  		




  
  886
  
    

  		




  882
  887
  
    
### <a name="nftablesrulesoutwireguard"></a>`nftables::rules::out::wireguard`


  		




  883
  888
  
    

  		




  884
  889
  
    
manage out wireguard


  		




  ......




  927
  932
  
    

  		




  928
  933
  
    
##### <a name="ports"></a>`ports`


  		




  929
  934
  
    

  		




  930
  
  
    
Data type: `Array[Stdlib::Port]`


  		




  
  935
  
    
Data type: `Array[Stdlib::Port,1]`


  		




  931
  936
  
    

  		




  932
  937
  
    
pxp server ports


  		




  933
  938
  
    

  		












  

    
      manifests/rules/out/whois.pp
    
  





  
  1
  
    
# @summary allow clients to query remote whois server


  		




  
  2
  
    
class nftables::rules::out::whois {


  		




  
  3
  
    
  nftables::rule { 'default_out-whois':


  		




  
  4
  
    
    content => 'tcp dport {43, 4321} accept comment "default_out-whois"',


  		




  
  5
  
    
  }


  		




  
  6
  
    
}


  		












  

    
      spec/acceptance/all_rules_spec.rb
    
  





  74
  74
  
    
      include nftables::rules::out::pop3


  		




  75
  75
  
    
      include nftables::rules::out::chrony


  		




  76
  76
  
    
      include nftables::rules::out::wireguard


  		




  
  77
  
    
      include nftables::rules::out::whois


  		




  77
  78
  
    
      include nftables::rules::wireguard


  		




  78
  79
  
    
      include nftables::services::dhcpv6_client


  		




  79
  80
  
    
      include nftables::services::openafs_client


  		












  

    
      spec/classes/rules/out/whois_spec.rb
    
  





  
  1
  
    
# frozen_string_literal: true


  		




  
  2
  
    

  		




  
  3
  
    
require 'spec_helper'


  		




  
  4
  
    

  		




  
  5
  
    
describe 'nftables::rules::out::whois' do


  		




  
  6
  
    
  on_supported_os.each do |os, os_facts|


  		




  
  7
  
    
    context "on #{os}" do


  		




  
  8
  
    
      let(:facts) { os_facts }


  		




  
  9
  
    

  		




  
  10
  
    
      context 'default options' do


  		




  
  11
  
    
        it { is_expected.to compile.with_all_deps }


  		




  
  12
  
    
        it { is_expected.to contain_nftables__rule('default_out-whois').with_content('tcp dport {43, 4321} accept comment "default_out-whois"') }


  		




  
  13
  
    
        it { is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-whois') }


  		




  
  14
  
    
        it { is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_out-rule-whois_header') }


  		




  
  15
  
    
      end


  		




  
  16
  
    
    end


  		




  
  17
  
    
  end


  		




  
  18
  
    
end


  		












Formats disponibles :  Unified diff