Révision 7f74df2e
Add class for pxp-agent firewalling
| REFERENCE.md | ||
|---|---|---|
| 60 | 60 |
* [`nftables::rules::out::tor`](#nftablesrulesouttor): manage out tor |
| 61 | 61 |
* [`nftables::rules::out::wireguard`](#nftablesrulesoutwireguard): manage out wireguard |
| 62 | 62 |
* [`nftables::rules::puppet`](#nftablesrulespuppet): manage in puppet |
| 63 |
* [`nftables::rules::pxp_agent`](#nftablesrulespxp_agent): manage in pxp-agent |
|
| 63 | 64 |
* [`nftables::rules::qemu`](#nftablesrulesqemu): Bridged network configuration for qemu/libvirt |
| 64 | 65 |
* [`nftables::rules::samba`](#nftablesrulessamba): manage Samba, the suite to allow Windows file sharing on Linux resources. |
| 65 | 66 |
* [`nftables::rules::smtp`](#nftablesrulessmtp): manage in smtp |
| ... | ... | |
| 884 | 885 |
|
| 885 | 886 |
Default value: `[8140]` |
| 886 | 887 |
|
| 888 |
### <a name="nftablesrulespxp_agent"></a>`nftables::rules::pxp_agent` |
|
| 889 |
|
|
| 890 |
manage in pxp-agent |
|
| 891 |
|
|
| 892 |
#### Parameters |
|
| 893 |
|
|
| 894 |
The following parameters are available in the `nftables::rules::pxp_agent` class: |
|
| 895 |
|
|
| 896 |
* [`ports`](#ports) |
|
| 897 |
|
|
| 898 |
##### <a name="ports"></a>`ports` |
|
| 899 |
|
|
| 900 |
Data type: `Array[Stdlib::Port]` |
|
| 901 |
|
|
| 902 |
pxp server ports |
|
| 903 |
|
|
| 904 |
Default value: `[8142]` |
|
| 905 |
|
|
| 887 | 906 |
### <a name="nftablesrulesqemu"></a>`nftables::rules::qemu` |
| 888 | 907 |
|
| 889 | 908 |
This class configures the typical firewall setup that libvirt |
| manifests/rules/pxp_agent.pp | ||
|---|---|---|
| 1 |
# @summary manage in pxp-agent |
|
| 2 |
# @param ports pxp server ports |
|
| 3 |
class nftables::rules::pxp_agent ( |
|
| 4 |
Array[Stdlib::Port] $ports = [8142], |
|
| 5 |
) {
|
|
| 6 |
nftables::rule {
|
|
| 7 |
'default_in-pxp_agent': |
|
| 8 |
content => "tcp dport {${join($ports,', ')}} accept",
|
|
| 9 |
} |
|
| 10 |
} |
|
| spec/acceptance/all_rules_spec.rb | ||
|---|---|---|
| 28 | 28 |
include nftables::rules::ospf |
| 29 | 29 |
include nftables::rules::http |
| 30 | 30 |
include nftables::rules::puppet |
| 31 |
include nftables::rules::pxp_agent |
|
| 31 | 32 |
include nftables::rules::icinga2 |
| 32 | 33 |
include nftables::rules::tor |
| 33 | 34 |
include nftables::rules::ospf3 |
| spec/classes/rules/pxp_agent_spec.rb | ||
|---|---|---|
| 1 |
# frozen_string_literal: true |
|
| 2 |
|
|
| 3 |
require 'spec_helper' |
|
| 4 |
|
|
| 5 |
describe 'nftables::rules::pxp_agent' do |
|
| 6 |
on_supported_os.each do |os, os_facts| |
|
| 7 |
context "on #{os}" do
|
|
| 8 |
let(:facts) { os_facts }
|
|
| 9 |
|
|
| 10 |
context 'default options' do |
|
| 11 |
it { is_expected.to compile.with_all_deps }
|
|
| 12 |
it { is_expected.to contain_nftables__rule('default_in-pxp_agent').with_content('tcp dport {8142} accept') }
|
|
| 13 |
it { is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_in-rule-pxp_agent') }
|
|
| 14 |
it { is_expected.to contain_concat__fragment('nftables-inet-filter-chain-default_in-rule-pxp_agent_header') }
|
|
| 15 |
end |
|
| 16 |
|
|
| 17 |
context 'with ports set' do |
|
| 18 |
let(:params) do |
|
| 19 |
{
|
|
| 20 |
ports: [55, 60], |
|
| 21 |
} |
|
| 22 |
end |
|
| 23 |
|
|
| 24 |
it { is_expected.to compile.with_all_deps }
|
|
| 25 |
it { is_expected.to contain_nftables__rule('default_in-pxp_agent').with_content('tcp dport {55, 60} accept') }
|
|
| 26 |
end |
|
| 27 |
end |
|
| 28 |
end |
|
| 29 |
end |
|
Formats disponibles : Unified diff