puppet nftables

<%- | String                  $action,

      Optional[String]        $comment,

      Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, String]] $dport,

      Optional[String]        $proto,

      Optional[Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Pattern[/^@[-a-zA-Z0-9_]+$/]]] $daddr,

      Enum['ip', 'ip6']       $set_type,

      Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, String]] $sport,

      Boolean                 $counter,

| -%>

<%- if $proto {

  $_proto = $proto ? {

    /tcp(4|6)?/ => 'tcp',

    /udp(4|6)?/ => 'udp',

  }

  $_ip_version_filter = $proto ? {

    /(tcp4|udp4)/ => 'ip version 4',

    /(tcp6|udp6)/ => 'ip version 6',

    default       => undef,

  }

} else {

  $_ip_version_filter = undef

} -%>

<%- if $daddr {

  if $daddr =~ Stdlib::IP::Address::V6 {

    $_dst_hosts = "ip6 daddr ${daddr}"

  } elsif $daddr =~ Stdlib::IP::Address::V4 {

    $_dst_hosts = "ip daddr ${daddr}"

  } else {

    $_dst_hosts = $set_type ? {

      'ip'  => "ip daddr ${daddr}",

      'ip6' => "ip6 daddr ${daddr}",

    }

  }

} else {

  $_dst_hosts = undef

} -%>

<%- if $proto and $dport {

  $_dst_port = "${_proto} dport {${Array($dport, true).join(', ')}}"

} else {

  $_dst_port = undef

} -%>

<%- if $comment {

  $_comment = "comment \"${comment}\""

} else {

  $_comment = undef

} -%>

<%- if $proto and $sport {

  $_src_port = "${_proto} sport {${Array($sport, true).join(', ')}}"

} else {

  $_src_port = undef

} -%>

<%- if $counter {

  $_counter = "counter"

} else {

  $_counter = undef

} -%>

<%= regsubst(strip([$_ip_version_filter, $_src_port, $_dst_port, $_dst_hosts, $_counter, $action, $_comment].join(' ')), '\s+', ' ', 'G') -%>