Révision 802d80d1
Allow sourcing sets from Hiera
| manifests/init.pp | ||
|---|---|---|
| 35 | 35 |
# @param nat |
| 36 | 36 |
# Add default tables and chains to process NAT traffic. |
| 37 | 37 |
# |
| 38 |
# @param sets |
|
| 39 |
# Allows sourcing set definitions directly from Hiera. |
|
| 40 |
# |
|
| 38 | 41 |
# @param log_prefix |
| 39 | 42 |
# String that will be used as prefix when logging packets. It can contain |
| 40 | 43 |
# two variables using standard sprintf() string-formatting: |
| ... | ... | |
| 68 | 71 |
Boolean $in_out_conntrack = true, |
| 69 | 72 |
Boolean $nat = true, |
| 70 | 73 |
Hash $rules = {},
|
| 74 |
Hash $sets = {},
|
|
| 71 | 75 |
String $log_prefix = '[nftables] %<chain>s %<comment>s', |
| 72 | 76 |
Variant[Boolean[false], Pattern[ |
| 73 | 77 |
/icmp(v6|x)? type .+|tcp reset/]] |
| ... | ... | |
| 146 | 150 |
* => $v |
| 147 | 151 |
} |
| 148 | 152 |
} |
| 153 |
|
|
| 154 |
# inject custom sets e.g. from hiera |
|
| 155 |
$sets.each |$n,$v| {
|
|
| 156 |
nftables::set{
|
|
| 157 |
$n: |
|
| 158 |
* => $v |
|
| 159 |
} |
|
| 160 |
} |
|
| 149 | 161 |
} |
Formats disponibles : Unified diff