root / manifests / rules / mdns.pp @ 5dedf86c
Historique | Voir | Annoter | Télécharger (760 octets)
| 1 | 5ffd0328 | Tim Meusel | # |
|---|---|---|---|
| 2 | # @summary allow incoming multicast DNS |
||
| 3 | # |
||
| 4 | ad3dbd7d | Ewoud Kohl van Wijngaarden | # @param ipv4 |
| 5 | # Allow mdns over IPv4 |
||
| 6 | # @param ipv6 |
||
| 7 | # Allow mdns over IPv6 |
||
| 8 | 4c3d5d6b | Tim Meusel | # @param iifname name for incoming interfaces to filter |
| 9 | # |
||
| 10 | ad3dbd7d | Ewoud Kohl van Wijngaarden | class nftables::rules::mdns ( |
| 11 | Boolean $ipv4 = true, |
||
| 12 | Boolean $ipv6 = true, |
||
| 13 | 4c3d5d6b | Tim Meusel | Array[String[1]] $iifname = [], |
| 14 | ad3dbd7d | Ewoud Kohl van Wijngaarden | ) {
|
| 15 | 4c3d5d6b | Tim Meusel | if empty($iifname) {
|
| 16 | $_iifname = '' |
||
| 17 | } else {
|
||
| 18 | $iifdata = $iifname.map |String[1] $interface| { "\"${interface}\"" }.join(', ')
|
||
| 19 | $_iifname = "iifname { ${iifdata} } "
|
||
| 20 | } |
||
| 21 | ad3dbd7d | Ewoud Kohl van Wijngaarden | if $ipv4 {
|
| 22 | nftables::rule { 'default_in-mdns_v4':
|
||
| 23 | 4c3d5d6b | Tim Meusel | content => "${_iifname}ip daddr 224.0.0.251 udp dport 5353 accept",
|
| 24 | ad3dbd7d | Ewoud Kohl van Wijngaarden | } |
| 25 | 5ffd0328 | Tim Meusel | } |
| 26 | ad3dbd7d | Ewoud Kohl van Wijngaarden | if $ipv6 {
|
| 27 | nftables::rule { 'default_in-mdns_v6':
|
||
| 28 | 4c3d5d6b | Tim Meusel | content => "${_iifname}ip6 daddr ff02::fb udp dport 5353 accept",
|
| 29 | ad3dbd7d | Ewoud Kohl van Wijngaarden | } |
| 30 | c2e342b2 | Tim Meusel | } |
| 31 | 5ffd0328 | Tim Meusel | } |