/manifests/rules/out/dns.pp - Annoter - puppet nftables - Koumbit's Redmine

Télécharger au format

root / manifests / rules / out / dns.pp @ 8efbdf9a

1	9da28f8c	tr	# manage out dns
2	d4de1bfe	tr	class nftables::rules::out::dns (
3			Optional[Variant[String,Array[String,1]]]
4			$dns_server = undef,
5			) {
6			if $dns_server {
7			any2array($dns_server).each \|$index,$dns\| {
8
9	8efbdf9a	tr	nftables::rule{
10	d4de1bfe	tr	"default_out-dnsudp-${index}":
11			}
12			if $dns =~ /:/ {
13	8efbdf9a	tr	Nftables::Rule["default_out-dnsudp-${index}"]{
14	d4de1bfe	tr	content => "ip6 daddr ${dns} udp dport 53 accept",
15			}
16			} else {
17	8efbdf9a	tr	Nftables::Rule["default_out-dnsudp-${index}"]{
18	d4de1bfe	tr	content => "ip daddr ${dns} udp dport 53 accept",
19			}
20			}
21
22	8efbdf9a	tr	nftables::rule{
23	d4de1bfe	tr	"default_out-dnstcp-${index}":
24			}
25			if $dns =~ /:/ {
26	8efbdf9a	tr	Nftables::Rule["default_out-dnstcp-${index}"]{
27	d4de1bfe	tr	content => "ip6 daddr ${dns} tcp dport 53 accept",
28			}
29			} else {
30	8efbdf9a	tr	Nftables::Rule["default_out-dnstcp-${index}"]{
31	d4de1bfe	tr	content => "ip daddr ${dns} tcp dport 53 accept",
32			}
33			}
34			}
35			} else {
36	8efbdf9a	tr	nftables::rule{
37	d4de1bfe	tr	'default_out-dnsudp':
38			content => 'udp dport 53 accept';
39			'default_out-dnstcp':
40			content => 'tcp dport 53 accept';
41			}
42	9da28f8c	tr	}
43			}