root / templates / simplerule.epp @ 9d02e9f8
Historique | Voir | Annoter | Télécharger (2,61 ko)
| 1 |
<%- | String $action, |
|---|---|
| 2 |
Optional[String] $comment, |
| 3 |
Boolean $counter, |
| 4 |
Optional[Nftables::Addr] $daddr, |
| 5 |
Optional[Nftables::Port] $dport, |
| 6 |
Optional[String] $proto, |
| 7 |
Optional[Nftables::Addr] $saddr, |
| 8 |
String $set_type, |
| 9 |
Optional[Nftables::Port] $sport, |
| 10 |
Array[String[1]] $iifname, |
| 11 |
Array[String[1]] $oifname, |
| 12 |
| -%> |
| 13 |
<%- if $proto {
|
| 14 |
$_proto = $proto ? {
|
| 15 |
/tcp(4|6)?/ => 'tcp', |
| 16 |
/udp(4|6)?/ => 'udp', |
| 17 |
} |
| 18 |
$_ip_version_filter = $proto ? {
|
| 19 |
/(tcp4|udp4)/ => 'ip version 4', |
| 20 |
/(tcp6|udp6)/ => 'ip6 version 6', |
| 21 |
default => undef, |
| 22 |
} |
| 23 |
} else {
|
| 24 |
$_ip_version_filter = undef |
| 25 |
} -%> |
| 26 |
<%- if $daddr {
|
| 27 |
$_daddr = ($daddr =~ Array) ? {
|
| 28 |
true => "{${$daddr.join(', ')}}",
|
| 29 |
default => $daddr, |
| 30 |
} |
| 31 |
if $daddr =~ Stdlib::IP::Address::V6 or $daddr =~ Array[Stdlib::IP::Address::V6] {
|
| 32 |
$_daddr_type = 'ip6' |
| 33 |
} elsif $daddr =~ Stdlib::IP::Address::V4 or $daddr =~ Array[Stdlib::IP::Address::V4] {
|
| 34 |
$_daddr_type = 'ip' |
| 35 |
} else {
|
| 36 |
$_daddr_type = $set_type # ip or ip6 |
| 37 |
} |
| 38 |
$_dst_hosts = "${_daddr_type} daddr ${_daddr}"
|
| 39 |
} else {
|
| 40 |
$_dst_hosts = undef |
| 41 |
} -%> |
| 42 |
<%- if $saddr {
|
| 43 |
$_saddr = ($saddr =~ Array) ? {
|
| 44 |
true => "{${$saddr.join(', ')}}",
|
| 45 |
default => $saddr, |
| 46 |
} |
| 47 |
if $saddr =~ Stdlib::IP::Address::V6 or $saddr =~ Array[Stdlib::IP::Address::V6] {
|
| 48 |
$_saddr_type = 'ip6' |
| 49 |
} elsif $saddr =~ Stdlib::IP::Address::V4 or $saddr =~ Array[Stdlib::IP::Address::V4] {
|
| 50 |
$_saddr_type = 'ip' |
| 51 |
} else {
|
| 52 |
$_saddr_type = $set_type # ip or ip6 |
| 53 |
} |
| 54 |
$_src_hosts = "${_saddr_type} saddr ${_saddr}"
|
| 55 |
} else {
|
| 56 |
$_src_hosts = undef |
| 57 |
} -%> |
| 58 |
<%- if $proto and $dport {
|
| 59 |
$_dst_port = "${_proto} dport {${Array($dport, true).join(', ')}}"
|
| 60 |
} else {
|
| 61 |
$_dst_port = undef |
| 62 |
} -%> |
| 63 |
<%- if $comment {
|
| 64 |
$_comment = "comment \"${comment}\""
|
| 65 |
} else {
|
| 66 |
$_comment = undef |
| 67 |
} -%> |
| 68 |
<%- if $proto and $sport {
|
| 69 |
$_src_port = "${_proto} sport {${Array($sport, true).join(', ')}}"
|
| 70 |
} else {
|
| 71 |
$_src_port = undef |
| 72 |
} -%> |
| 73 |
<%- if $counter {
|
| 74 |
$_counter = "counter" |
| 75 |
} else {
|
| 76 |
$_counter = undef |
| 77 |
} -%> |
| 78 |
<%- if empty($iifname) {
|
| 79 |
$_iifname = undef |
| 80 |
} else {
|
| 81 |
$iifdata = $iifname.map |String[1] $interface| { "\"${interface}\"" }.join(', ')
|
| 82 |
$_iifname = "iifname { ${iifdata} }"
|
| 83 |
} -%> |
| 84 |
<%- if empty($oifname) {
|
| 85 |
$_oifname = undef |
| 86 |
} else {
|
| 87 |
$oifdata = $oifname.map |String[1] $interface| { "\"${interface}\"" }.join(', ')
|
| 88 |
$_oifname = "oifname { ${oifdata} }"
|
| 89 |
} -%> |
| 90 |
<%= regsubst(strip([$_ip_version_filter, $_iifname, $_oifname, $_src_port, $_dst_port, $_src_hosts, $_dst_hosts, $_counter, $action, $_comment].join(' ')), '\s+', ' ', 'G') -%>
|