Révision 77abc10b
Implement nftables::simplerule::sport
| manifests/simplerule.pp | ||
|---|---|---|
| 1 | 1 |
# @summary Provides a simplified interface to nftables::rule for basic use cases |
| 2 | 2 |
# |
| 3 |
# @example allow incoming traffic on port 543 TCP to a given IP range and count packets |
|
| 3 |
# @example allow incoming traffic from port 541 on port 543 TCP to a given IP range and count packets
|
|
| 4 | 4 |
# nftables::simplerule{'my_service_in':
|
| 5 | 5 |
# action => 'accept', |
| 6 | 6 |
# comment => 'allow traffic to port 543', |
| ... | ... | |
| 8 | 8 |
# proto => 'tcp', |
| 9 | 9 |
# dport => 543, |
| 10 | 10 |
# daddr => '2001:1458::/32', |
| 11 |
# sport => 541, |
|
| 11 | 12 |
# } |
| 12 | 13 |
|
| 13 | 14 |
define nftables::simplerule ( |
| ... | ... | |
| 22 | 23 |
Optional[Enum['tcp', 'tcp4', 'tcp6', 'udp', 'udp4', 'udp6']] $proto = undef, |
| 23 | 24 |
Optional[Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Pattern[/^@[-a-zA-Z0-9_]+$/]]] $daddr = undef, |
| 24 | 25 |
Enum['ip', 'ip6'] $set_type = 'ip6', |
| 26 |
Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, Pattern[/\d+-\d+/]]] $sport = undef, |
|
| 25 | 27 |
Boolean $counter = false, |
| 26 | 28 |
) {
|
| 27 | 29 |
if $dport and !$proto {
|
| 28 | 30 |
fail('Specifying a transport protocol via $proto is mandatory when passing a $dport')
|
| 29 | 31 |
} |
| 30 | 32 |
|
| 33 |
if $sport and !$proto {
|
|
| 34 |
fail('Specifying a transport protocol via $proto is mandatory when passing a $sport')
|
|
| 35 |
} |
|
| 36 |
|
|
| 31 | 37 |
if $ensure == 'present' {
|
| 32 | 38 |
nftables::rule { "${chain}-${rulename}":
|
| 33 | 39 |
content => epp('nftables/simplerule.epp',
|
| ... | ... | |
| 39 | 45 |
'proto' => $proto, |
| 40 | 46 |
'daddr' => $daddr, |
| 41 | 47 |
'set_type' => $set_type, |
| 48 |
'sport' => $sport, |
|
| 42 | 49 |
} |
| 43 | 50 |
), |
| 44 | 51 |
order => $order, |
Formats disponibles : Unified diff