root / manifests / rules / llmnr.pp @ 4c3d5d6b
Historique | Voir | Annoter | Télécharger (584 octets)
| 1 | 3b26826f | Tim Meusel | # |
|---|---|---|---|
| 2 | # @summary allow incoming Link-Local Multicast Name Resolution |
||
| 3 | # |
||
| 4 | # @param ipv4 Allow LLMNR over IPv4 |
||
| 5 | # @param ipv6 Allow LLMNR over IPv6 |
||
| 6 | # |
||
| 7 | # @see https://datatracker.ietf.org/doc/html/rfc4795 |
||
| 8 | # |
||
| 9 | class nftables::rules::llmnr ( |
||
| 10 | Boolean $ipv4 = true, |
||
| 11 | Boolean $ipv6 = true, |
||
| 12 | ) {
|
||
| 13 | if $ipv4 {
|
||
| 14 | nftables::rule { 'default_in-llmnr_v4':
|
||
| 15 | content => 'ip daddr 224.0.0.252 udp dport 5355 accept comment "allow LLMNR"', |
||
| 16 | } |
||
| 17 | } |
||
| 18 | if $ipv6 {
|
||
| 19 | nftables::rule { 'default_in-llmnr_v6':
|
||
| 20 | content => 'ip6 daddr ff02::1:3 udp dport 5355 accept comment "allow LLMNR"', |
||
| 21 | } |
||
| 22 | } |
||
| 23 | } |