Révision 3e2b5119
rules::ospf3: Allow filtering on incoming interfaces
| REFERENCE.md | ||
|---|---|---|
| 852 | 852 |
|
| 853 | 853 |
manage in ospf3 |
| 854 | 854 |
|
| 855 |
#### Parameters |
|
| 856 |
|
|
| 857 |
The following parameters are available in the `nftables::rules::ospf3` class: |
|
| 858 |
|
|
| 859 |
* [`iifname`](#-nftables--rules--ospf3--iifname) |
|
| 860 |
|
|
| 861 |
##### <a name="-nftables--rules--ospf3--iifname"></a>`iifname` |
|
| 862 |
|
|
| 863 |
Data type: `Array[String[1]]` |
|
| 864 |
|
|
| 865 |
optional list of incoming interfaces to allow traffic |
|
| 866 |
|
|
| 867 |
Default value: `[]` |
|
| 868 |
|
|
| 855 | 869 |
### <a name="nftables--rules--out--active_directory"></a>`nftables::rules::out::active_directory` |
| 856 | 870 |
|
| 857 | 871 |
manage outgoing active diectory |
| manifests/rules/ospf3.pp | ||
|---|---|---|
| 1 |
# manage in ospf3 |
|
| 2 |
class nftables::rules::ospf3 {
|
|
| 3 |
nftables::rule {
|
|
| 4 |
'default_in-ospf3': |
|
| 5 |
content => 'ip6 saddr fe80::/64 ip6 daddr { ff02::5, ff02::6 } meta l4proto 89 accept',
|
|
| 1 |
# |
|
| 2 |
# @summary manage in ospf3 |
|
| 3 |
# |
|
| 4 |
# @param iifname optional list of incoming interfaces to allow traffic |
|
| 5 |
# |
|
| 6 |
class nftables::rules::ospf3 ( |
|
| 7 |
Array[String[1]] $iifname = [], |
|
| 8 |
) {
|
|
| 9 |
if empty($iifname) {
|
|
| 10 |
$_iifname = '' |
|
| 11 |
} else {
|
|
| 12 |
$iifdata = $iifname.map |String[1] $interface| { "\"${interface}\"" }.join(', ')
|
|
| 13 |
$_iifname = "iifname { ${iifdata} } "
|
|
| 14 |
} |
|
| 15 |
nftables::rule { 'default_in-ospf3':
|
|
| 16 |
content => "${_iifname}ip6 saddr fe80::/64 ip6 daddr { ff02::5, ff02::6 } meta l4proto 89 accept",
|
|
| 6 | 17 |
} |
| 7 | 18 |
} |
| spec/classes/rules/ospf3_spec.rb | ||
|---|---|---|
| 1 |
# frozen_string_literal: true |
|
| 2 |
|
|
| 3 |
require 'spec_helper' |
|
| 4 |
|
|
| 5 |
describe 'nftables::rules::ospf3' do |
|
| 6 |
on_supported_os.each do |os, os_facts| |
|
| 7 |
context "on #{os}" do
|
|
| 8 |
let :facts do |
|
| 9 |
os_facts |
|
| 10 |
end |
|
| 11 |
|
|
| 12 |
context 'default options' do |
|
| 13 |
it { is_expected.to compile.with_all_deps }
|
|
| 14 |
it { is_expected.to contain_nftables__rule('default_in-ospf3').with_content('ip6 saddr fe80::/64 ip6 daddr { ff02::5, ff02::6 } meta l4proto 89 accept') }
|
|
| 15 |
end |
|
| 16 |
|
|
| 17 |
context 'with input interfaces set' do |
|
| 18 |
let :params do |
|
| 19 |
{
|
|
| 20 |
iifname: %w[docker0 eth0], |
|
| 21 |
} |
|
| 22 |
end |
|
| 23 |
|
|
| 24 |
it { is_expected.to compile }
|
|
| 25 |
|
|
| 26 |
str = 'iifname { "docker0", "eth0" } ip6 saddr fe80::/64 ip6 daddr { ff02::5, ff02::6 } meta l4proto 89 accept'
|
|
| 27 |
it { is_expected.to contain_nftables__rule('default_in-ospf3').with_content(str) }
|
|
| 28 |
end |
|
| 29 |
end |
|
| 30 |
end |
|
| 31 |
end |
|
Formats disponibles : Unified diff