Révision 7937a13b
chrony: Allow filtering for outgoing NTP servers
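--- a/manifests/rules/out/chrony.pp
+++ b/manifests/rules/out/chrony.pp
@@ -1,7 +1,25 @@
-# manage out chrony
-class nftables::rules::out::chrony {
-nftables::rule {
-'default_out-chrony':
-content => 'udp dport 123 accept',
+# @summary manage out chrony
+# @param servers single IP-Address or array of IP-addresses from NTP servers
+class nftables::rules::out::chrony (
+Array[Stdlib::IP::Address] $servers = [],
+) {
+if empty($servers) {
+nftables::rule {
+'default_out-chrony':
+content => 'udp dport 123 accept',
+}
+} else {
+$ipv6_servers = $servers.filter |$ip| { $ip =~ Stdlib::IP::Address::V6 }
+$ipv4_servers = $servers.filter |$ip| { $ip =~ Stdlib::IP::Address::V4 }
+unless empty($ipv6_servers) {
+nftables::rule { 'default_out-chrony_v6':
+content => "ip6 daddr {${join($ipv6_servers, ',')}} udp dport 123 accept",
+}
+}
+unless empty($ipv4_servers) {
+nftables::rule { 'default_out-chrony_v4':
+content => "ip daddr {${join($ipv4_servers, ',')}} udp dport 123 accept",
+}
+}
 }
 }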
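Review bot: The `@param servers` text on new line 2 promises a single IP address as well as an array, but the declared type on new line 4 is `Array[Stdlib::IP::Address]`, so a bare string would presumably be rejected at catalog compilation. Either widen the type to `Variant[Stdlib::IP::Address, Array[Stdlib::IP::Address]]` or correct the doc line. The doc should also state the fallback: when `$servers` is empty (the default, or an empty value arriving from data lookup), the class keeps the unrestricted `udp dport 123 accept` rule, so the filter is silently absent rather than failing closed. A wording such as `# @param servers Array of NTP server IP addresses to allow; if empty, outgoing UDP port 123 is allowed to any destination` would make that visible to whoever relies on this class for egress restriction.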