Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / manifests / rules / ftp.pp @ 53aa1fa8

Historique | Voir | Annoter | Télécharger (1,05 ko)

1 
# @summary manage in ftp (with conntrack helper)
2 
#
3 
# @param enable_passive
4 
#   Enable FTP passive mode support
5 
#
6 
# @param passive_ports
7 
#   Set the FTP passive mode port range
8 
#
9 
class nftables::rules::ftp (
10 
  Boolean $enable_passive = true,
11 
  Nftables::Port::Range $passive_ports = '10090-10100',
12 
) {
13 
  nftables::helper { 'ftp-standard':
14 
    content => ' type "ftp" protocol tcp;',
15 
  }
16 
  nftables::chain { 'PRE': }
17 
  nftables::rule {
18 
    'PRE-type':
19 
      order   => '01',
20 
      content => 'type filter hook prerouting priority filter';
21 
    'PRE-policy':
22 
      order   => '02',
23 
      content => 'policy accept';
24 
    'PRE-helper':
25 
      order   => '03',
26 
      content => 'tcp dport 21 ct helper set "ftp-standard"';
27 
  }
28 
  nftables::rule { 'default_in-ftp':
29 
    content => 'tcp dport 21 accept',
30 
  }
31 
  if $enable_passive {
32 
    nftables::rule { 'INPUT-ftp':
33 
      order   => '10',
34 
      content => "ct helper \"ftp\" tcp dport ${passive_ports} accept",
35 
    }
36 
  } else {
37 
    nftables::rule { 'INPUT-ftp':
38 
      order   => '10',
39 
      content => 'ct helper "ftp" accept',
40 
    }
41 
  }
42 
}