root / manifests / rules / dns.pp @ 5dedf86c
Historique | Voir | Annoter | Télécharger (699 octets)
| 1 |
# @summary manage in dns |
|---|---|
| 2 |
# @param ports Specify ports for dns. |
| 3 |
# @param iifname Specify input interface names. |
| 4 |
# |
| 5 |
# @example Allow access to stub dns resolver from docker containers |
| 6 |
# class { 'nftables::rules::dns':
|
| 7 |
# iifname => ['docker0'], |
| 8 |
# } |
| 9 |
# |
| 10 |
class nftables::rules::dns ( |
| 11 |
Array[Stdlib::Port,1] $ports = [53], |
| 12 |
Optional[Array[String[1],1]] $iifname = undef, |
| 13 |
) {
|
| 14 |
$_iifname = $iifname ? {
|
| 15 |
Undef => '', |
| 16 |
default => "iifname {${join($iifname, ', ')}} ",
|
| 17 |
} |
| 18 |
|
| 19 |
nftables::rule {
|
| 20 |
'default_in-dns_tcp': |
| 21 |
content => "${_iifname}tcp dport {${join($ports,', ')}} accept";
|
| 22 |
'default_in-dns_udp': |
| 23 |
content => "${_iifname}udp dport {${join($ports,', ')}} accept";
|
| 24 |
} |
| 25 |
} |