root / manifests / rules / out / chrony.pp @ 5d554e75
Historique | Voir | Annoter | Télécharger (840 octets)
| 1 |
# @summary manage out chrony |
|---|---|
| 2 |
# @param servers single IP-Address or array of IP-addresses from NTP servers |
| 3 |
class nftables::rules::out::chrony ( |
| 4 |
Array[Stdlib::IP::Address] $servers = [], |
| 5 |
) {
|
| 6 |
if empty($servers) {
|
| 7 |
nftables::rule {
|
| 8 |
'default_out-chrony': |
| 9 |
content => 'udp dport 123 accept', |
| 10 |
} |
| 11 |
} else {
|
| 12 |
$ipv6_servers = $servers.filter |$ip| { $ip =~ Stdlib::IP::Address::V6 }
|
| 13 |
$ipv4_servers = $servers.filter |$ip| { $ip =~ Stdlib::IP::Address::V4 }
|
| 14 |
unless empty($ipv6_servers) {
|
| 15 |
nftables::rule { 'default_out-chrony_v6':
|
| 16 |
content => "ip6 daddr {${join($ipv6_servers, ',')}} udp dport 123 accept",
|
| 17 |
} |
| 18 |
} |
| 19 |
unless empty($ipv4_servers) {
|
| 20 |
nftables::rule { 'default_out-chrony_v4':
|
| 21 |
content => "ip daddr {${join($ipv4_servers, ',')}} udp dport 123 accept",
|
| 22 |
} |
| 23 |
} |
| 24 |
} |
| 25 |
} |