root / manifests / chain_file.pp @ 321ae8ab
Historique | Voir | Annoter | Télécharger (776 octets)
| 1 |
# manage a chain file |
|---|---|
| 2 |
# chain must be: |
| 3 |
# TABLE@chain_name |
| 4 |
define nftables::chain_file( |
| 5 |
Pattern[/^[a-z0-9]+@[a-z0-9_]+$/] $chain = $title, |
| 6 |
){
|
| 7 |
$data = split($chain,'@') |
| 8 |
$concat_name = "nftables-chain-${data[0]}-${data[1]}"
|
| 9 |
concat{
|
| 10 |
$concat_name: |
| 11 |
path => "/etc/nftables/puppet/${data[0]}-chains-${data[1]}.nft",
|
| 12 |
owner => root, |
| 13 |
group => root, |
| 14 |
mode => '0644', |
| 15 |
ensure_newline => true, |
| 16 |
require => Package['nftables'], |
| 17 |
notify => Service['nftables'], |
| 18 |
} |
| 19 |
concat::fragment{
|
| 20 |
default: |
| 21 |
target => $concat_name; |
| 22 |
"${chain}-header":
|
| 23 |
order => '00', |
| 24 |
content => "chain ${data[1]} {";
|
| 25 |
"${chain}-footer":
|
| 26 |
order => '99', |
| 27 |
content => '}'; |
| 28 |
} |
| 29 |
} |