
Révision 9d1ee648

ID9d1ee648908106342432849460c1a224b8ed77cd
Parent ee2d38a5
Enfant 545a379b

Ajouté par Tim Meusel il y a plus d'un an

rules::out:dns: refactor for better readability


REFERENCE.md
913 913

  
914 914
##### <a name="-nftables--rules--out--dns--dns_server"></a>`dns_server`
915 915

  
916
Data type: `Optional[Variant[String,Array[String,1]]]`
916
Data type: `Array[Stdlib::IP::Address]`
917 917

  
918 918
specify dns_server name
919 919

  
920
Default value: `undef`
920
Default value: `[]`
921 921

  
922 922
### <a name="nftables--rules--out--hkp"></a>`nftables::rules::out::hkp`
923 923

  
manifests/rules/out/dns.pp
1 1
# @summary manage out dns
2 2
# @param dns_server specify dns_server name
3 3
class nftables::rules::out::dns (
4
  Optional[Variant[String,Array[String,1]]] $dns_server = undef,
4
  Array[Stdlib::IP::Address] $dns_server = [],
5 5
) {
6
  if $dns_server {
7
    any2array($dns_server).each |$index,$dns| {
8
      nftables::rule {
9
        "default_out-dnsudp-${index}":
6
  unless empty($dns_server) {
7
    $dns_server.each |$index,$dns| {
8
      $content = $dns ? {
9
        Stdlib::IP::Address::V6 => "ip6 daddr ${dns}",
10
        Stdlib::IP::Address::V4 => "ip daddr ${dns}",
10 11
      }
11
      if $dns =~ /:/ {
12
        Nftables::Rule["default_out-dnsudp-${index}"] {
13
          content => "ip6 daddr ${dns} udp dport 53 accept",
14
        }
15
      } else {
16
        Nftables::Rule["default_out-dnsudp-${index}"] {
17
          content => "ip daddr ${dns} udp dport 53 accept",
18
        }
12
      nftables::rule { "default_out-dnstcp-${index}":
13
        content => "${content} tcp dport 53 accept",
19 14
      }
20

  
21
      nftables::rule {
22
        "default_out-dnstcp-${index}":
23
      }
24
      if $dns =~ /:/ {
25
        Nftables::Rule["default_out-dnstcp-${index}"] {
26
          content => "ip6 daddr ${dns} tcp dport 53 accept",
27
        }
28
      } else {
29
        Nftables::Rule["default_out-dnstcp-${index}"] {
30
          content => "ip daddr ${dns} tcp dport 53 accept",
31
        }
15
      nftables::rule { "default_out-dnsudp-${index}":
16
        content => "${content} udp dport 53 accept",
32 17
      }
33 18
    }
34 19
  } else {
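Review bot: The new `Array[Stdlib::IP::Address]` type on `$dns_server` (new line 4) still admits CIDR notation, since stdlib's `Stdlib::IP::Address` matches subnets as well as single hosts, so a wide prefix coming from Hiera would be interpolated into `"${content} udp dport 53 accept"` and allow port 53 egress to the whole range. If only individual resolvers are meant, `Array[Stdlib::IP::Address::Nosubnet] $dns_server = [],` says so and keeps the V4/V6 selector working. The type change is also an interface change rather than a pure refactor: a bare string, accepted before, now fails catalog compilation, which is worth a changelog entry. The `@param` line still reads "specify dns_server name" although hostnames are now rejected; something like `# @param dns_server IP addresses of the DNS servers that outbound port 53 traffic is allowed to` would match the code. The `unless … else` block continues past the end of the hunk, so what the `[]` default permits is not visible here.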
