Révision 67cdcf15
Support input interface specification to dns server
Useful when you want to allow docker/podman containers
access to a hosts dns stub resolver.
```puppet
class{'nftables::rules::dns':
iifname => ['docker0'],
}
```
| manifests/rules/dns.pp | ||
|---|---|---|
| 1 | 1 |
# @summary manage in dns |
| 2 | 2 |
# @param ports Specify ports for dns. |
| 3 |
# @param iifname Specify input interface names. |
|
| 4 |
# |
|
| 5 |
# @example Allow access to stub dns resolver from docker containers |
|
| 6 |
# class { 'nftables::rules::dns':
|
|
| 7 |
# iifname => ['docker0'], |
|
| 8 |
# } |
|
| 9 |
# |
|
| 3 | 10 |
class nftables::rules::dns ( |
| 4 | 11 |
Array[Stdlib::Port,1] $ports = [53], |
| 12 |
Optional[Array[String[1],1]] $iifname = undef, |
|
| 5 | 13 |
) {
|
| 14 |
$_iifname = $iifname ? {
|
|
| 15 |
Undef => '', |
|
| 16 |
default => "iifname {${join($iifname, ', ')}} ",
|
|
| 17 |
} |
|
| 18 |
|
|
| 6 | 19 |
nftables::rule {
|
| 7 | 20 |
'default_in-dns_tcp': |
| 8 |
content => "tcp dport {${join($ports,', ')}} accept";
|
|
| 21 |
content => "${_iifname}tcp dport {${join($ports,', ')}} accept";
|
|
| 9 | 22 |
'default_in-dns_udp': |
| 10 |
content => "udp dport {${join($ports,', ')}} accept";
|
|
| 23 |
content => "${_iifname}udp dport {${join($ports,', ')}} accept";
|
|
| 11 | 24 |
} |
| 12 | 25 |
} |
Formats disponibles : Unified diff