Révision 3b26826f
Add rule for incoming LLMNR
| REFERENCE.md | ||
|---|---|---|
| 26 | 26 |
* [`nftables::rules::icmp`](#nftables--rules--icmp) |
| 27 | 27 |
* [`nftables::rules::igmp`](#nftables--rules--igmp): allow incoming IGMP messages |
| 28 | 28 |
* [`nftables::rules::ldap`](#nftables--rules--ldap): manage in ldap |
| 29 |
* [`nftables::rules::llmnr`](#nftables--rules--llmnr): allow incoming Link-Local Multicast Name Resolution |
|
| 29 | 30 |
* [`nftables::rules::mdns`](#nftables--rules--mdns): allow incoming multicast DNS |
| 30 | 31 |
* [`nftables::rules::multicast`](#nftables--rules--multicast): allow incoming multicast traffic |
| 31 | 32 |
* [`nftables::rules::nfs`](#nftables--rules--nfs): manage in nfs4 |
| ... | ... | |
| 655 | 656 |
|
| 656 | 657 |
Default value: `[389, 636]` |
| 657 | 658 |
|
| 659 |
### <a name="nftables--rules--llmnr"></a>`nftables::rules::llmnr` |
|
| 660 |
|
|
| 661 |
allow incoming Link-Local Multicast Name Resolution |
|
| 662 |
|
|
| 663 |
* **See also** |
|
| 664 |
* https://datatracker.ietf.org/doc/html/rfc4795 |
|
| 665 |
|
|
| 666 |
#### Parameters |
|
| 667 |
|
|
| 668 |
The following parameters are available in the `nftables::rules::llmnr` class: |
|
| 669 |
|
|
| 670 |
* [`ipv4`](#-nftables--rules--llmnr--ipv4) |
|
| 671 |
* [`ipv6`](#-nftables--rules--llmnr--ipv6) |
|
| 672 |
|
|
| 673 |
##### <a name="-nftables--rules--llmnr--ipv4"></a>`ipv4` |
|
| 674 |
|
|
| 675 |
Data type: `Boolean` |
|
| 676 |
|
|
| 677 |
Allow LLMNR over IPv4 |
|
| 678 |
|
|
| 679 |
Default value: `true` |
|
| 680 |
|
|
| 681 |
##### <a name="-nftables--rules--llmnr--ipv6"></a>`ipv6` |
|
| 682 |
|
|
| 683 |
Data type: `Boolean` |
|
| 684 |
|
|
| 685 |
Allow LLMNR over IPv6 |
|
| 686 |
|
|
| 687 |
Default value: `true` |
|
| 688 |
|
|
| 658 | 689 |
### <a name="nftables--rules--mdns"></a>`nftables::rules::mdns` |
| 659 | 690 |
|
| 660 | 691 |
allow incoming multicast DNS |
| manifests/rules/llmnr.pp | ||
|---|---|---|
| 1 |
# |
|
| 2 |
# @summary allow incoming Link-Local Multicast Name Resolution |
|
| 3 |
# |
|
| 4 |
# @param ipv4 Allow LLMNR over IPv4 |
|
| 5 |
# @param ipv6 Allow LLMNR over IPv6 |
|
| 6 |
# |
|
| 7 |
# @see https://datatracker.ietf.org/doc/html/rfc4795 |
|
| 8 |
# |
|
| 9 |
class nftables::rules::llmnr ( |
|
| 10 |
Boolean $ipv4 = true, |
|
| 11 |
Boolean $ipv6 = true, |
|
| 12 |
) {
|
|
| 13 |
if $ipv4 {
|
|
| 14 |
nftables::rule { 'default_in-llmnr_v4':
|
|
| 15 |
content => 'ip daddr 224.0.0.252 udp dport 5355 accept comment "allow LLMNR"', |
|
| 16 |
} |
|
| 17 |
} |
|
| 18 |
if $ipv6 {
|
|
| 19 |
nftables::rule { 'default_in-llmnr_v6':
|
|
| 20 |
content => 'ip6 daddr ff02::1:3 udp dport 5355 accept comment "allow LLMNR"', |
|
| 21 |
} |
|
| 22 |
} |
|
| 23 |
} |
|
| spec/acceptance/all_rules_spec.rb | ||
|---|---|---|
| 86 | 86 |
include nftables::rules::wireguard |
| 87 | 87 |
include nftables::rules::multicast |
| 88 | 88 |
include nftables::rules::spotify |
| 89 |
include nftables::rules::llmnr |
|
| 89 | 90 |
include nftables::rules::mdns |
| 90 | 91 |
include nftables::rules::igmp |
| 91 | 92 |
include nftables::rules::out::igmp |
Formats disponibles : Unified diff