Revision 771b3256
Add rules for Apache ActiveMQ
REFERENCE.md | ||
---|---|---|
10 | 10 |
* [`nftables::bridges`](#nftablesbridges): allow forwarding traffic on bridges |
11 | 11 |
* [`nftables::inet_filter`](#nftablesinet_filter): manage basic chains in table inet filter |
12 | 12 |
* [`nftables::ip_nat`](#nftablesip_nat): manage basic chains in table ip nat |
13 |
* [`nftables::rules::activemq`](#nftablesrulesactivemq): Provides input rules for Apache ActiveMQ |
|
13 | 14 |
* [`nftables::rules::afs3_callback`](#nftablesrulesafs3_callback): Open call back port for AFS clients |
14 | 15 |
* [`nftables::rules::ceph`](#nftablesrulesceph): Ceph is a distributed object store and file system. Enable this to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS) |
15 | 16 |
* [`nftables::rules::ceph_mon`](#nftablesrulesceph_mon): Ceph is a distributed object store and file system. |
... | ... | |
333 | 334 |
|
334 | 335 |
manage basic chains in table ip nat |
335 | 336 |
|
337 |
### <a name="nftablesrulesactivemq"></a>`nftables::rules::activemq` |
|
338 |
|
|
339 |
Provides input rules for Apache ActiveMQ |
|
340 |
|
|
341 |
#### Parameters |
|
342 |
|
|
343 |
The following parameters are available in the `nftables::rules::activemq` class: |
|
344 |
|
|
345 |
* [`tcp`](#tcp) |
|
346 |
* [`udp`](#udp) |
|
347 |
* [`port`](#port) |
|
348 |
|
|
349 |
##### <a name="tcp"></a>`tcp` |
|
350 |
|
|
351 |
Data type: `Boolean` |
|
352 |
|
|
353 |
Create the rule for TCP traffic. |
|
354 |
|
|
355 |
Default value: ``true`` |
|
356 |
|
|
357 |
##### <a name="udp"></a>`udp` |
|
358 |
|
|
359 |
Data type: `Boolean` |
|
360 |
|
|
361 |
Create the rule for UDP traffic. |
|
362 |
|
|
363 |
Default value: ``true`` |
|
364 |
|
|
365 |
##### <a name="port"></a>`port` |
|
366 |
|
|
367 |
Data type: `Stdlib::Port` |
|
368 |
|
|
369 |
The port number for the ActiveMQ daemon. |
|
370 |
|
|
371 |
Default value: `61616` |
|
372 |
|
|
336 | 373 |
### <a name="nftablesrulesafs3_callback"></a>`nftables::rules::afs3_callback` |
337 | 374 |
|
338 | 375 |
Open call back port for AFS clients |
manifests/rules/activemq.pp | ||
---|---|---|
1 |
# @summary Provides input rules for Apache ActiveMQ |
|
2 |
# |
|
3 |
# @param tcp |
|
4 |
# Create the rule for TCP traffic. |
|
5 |
# |
|
6 |
# @param udp |
|
7 |
# Create the rule for UDP traffic. |
|
8 |
# |
|
9 |
# @param port |
|
10 |
# The port number for the ActiveMQ daemon. |
|
11 |
class nftables::rules::activemq ( |
|
12 |
Boolean $tcp = true, |
|
13 |
Boolean $udp = true, |
|
14 |
Stdlib::Port $port = 61616, |
|
15 |
) { |
|
16 |
if $tcp { |
|
17 |
nftables::rule { |
|
18 |
'default_in-activemq_tcp': |
|
19 |
content => "tcp dport ${port} accept", |
|
20 |
} |
|
21 |
} |
|
22 |
|
|
23 |
if $udp { |
|
24 |
nftables::rule { |
|
25 |
'default_in-activemq_udp': |
|
26 |
content => "udp dport ${port} accept", |
|
27 |
} |
|
28 |
} |
|
29 |
} |
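Review bot: both rules in `class nftables::rules::activemq` accept from any source (`content => "tcp dport ${port} accept"` and the matching `udp dport` line), and `Boolean $udp = true` means a plain `include nftables::rules::activemq` opens the port on both protocols. Suggest defaulting `udp` to `false` unless a UDP listener is expected by default, and consider adding a source-address parameter so the broker port can be limited to known clients. The `@param port` text should also state that the one port is applied to both the TCP and the UDP rule.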
spec/acceptance/all_rules_spec.rb | ||
---|---|---|
37 | 37 |
include nftables::rules::smtp |
38 | 38 |
include nftables::rules::ceph |
39 | 39 |
include nftables::rules::samba |
40 |
include nftables::rules::activemq |
|
40 | 41 |
include nftables::rules::out::postgres |
41 | 42 |
include nftables::rules::out::icmp |
42 | 43 |
include nftables::rules::out::dns |
spec/classes/rules/activemq_spec.rb | ||
---|---|---|
1 |
require 'spec_helper' |
|
2 |
|
|
3 |
describe 'nftables::rules::activemq' do |
|
4 |
on_supported_os.each do |os, os_facts| |
|
5 |
context "on #{os}" do |
|
6 |
let(:facts) { os_facts } |
|
7 |
|
|
8 |
context 'default options' do |
|
9 |
it { is_expected.to compile } |
|
10 |
it { is_expected.to contain_nftables__rule('default_in-activemq_tcp').with_content('tcp dport 61616 accept') } |
|
11 |
it { is_expected.to contain_nftables__rule('default_in-activemq_udp').with_content('udp dport 61616 accept') } |
|
12 |
end |
|
13 |
|
|
14 |
context 'with tcp set to false' do |
|
15 |
let(:params) do |
|
16 |
{ |
|
17 |
tcp: false, |
|
18 |
} |
|
19 |
end |
|
20 |
|
|
21 |
it { is_expected.to compile } |
|
22 |
it { is_expected.not_to contain_nftables__rule('default_in-activemq_tcp').with_content('tcp dport 61616 accept') } |
|
23 |
it { is_expected.to contain_nftables__rule('default_in-activemq_udp').with_content('udp dport 61616 accept') } |
|
24 |
end |
|
25 |
|
|
26 |
context 'with udp set to false' do |
|
27 |
let(:params) do |
|
28 |
{ |
|
29 |
udp: false, |
|
30 |
} |
|
31 |
end |
|
32 |
|
|
33 |
it { is_expected.to compile } |
|
34 |
it { is_expected.to contain_nftables__rule('default_in-activemq_tcp').with_content('tcp dport 61616 accept') } |
|
35 |
it { is_expected.not_to contain_nftables__rule('default_in-activemq_udp').with_content('udp dport 61616 accept') } |
|
36 |
end |
|
37 |
end |
|
38 |
end |
|
39 |
end |
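Review bot: the negative expectations in the 'with tcp set to false' and 'with udp set to false' contexts are weaker than they look. `is_expected.not_to contain_nftables__rule('default_in-activemq_tcp').with_content('tcp dport 61616 accept')` also passes when the rule still exists with different content, so it does not prove the rule is absent. Drop `.with_content(...)` from the two `not_to` lines so they assert that the resource is not in the catalogue at all. There is also no context that sets `port`, so the `${port}` interpolation is only exercised with the default 61616; add a case with a non-default port that checks the content of both rules.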