root / templates / simplerule.epp @ 9d1ee648
Historique | Voir | Annoter | Télécharger (2,02 ko)
| 1 |
<%- | String $action, |
|---|---|
| 2 |
Optional[String] $comment, |
| 3 |
Boolean $counter, |
| 4 |
Optional[Nftables::Addr] $daddr, |
| 5 |
Optional[Nftables::Port] $dport, |
| 6 |
Optional[String] $proto, |
| 7 |
Optional[Nftables::Addr] $saddr, |
| 8 |
String $set_type, |
| 9 |
Optional[Nftables::Port] $sport, |
| 10 |
Optional[String[1]] $iifname, |
| 11 |
| -%> |
| 12 |
<%- if $proto {
|
| 13 |
$_proto = $proto ? {
|
| 14 |
/tcp(4|6)?/ => 'tcp', |
| 15 |
/udp(4|6)?/ => 'udp', |
| 16 |
} |
| 17 |
$_ip_version_filter = $proto ? {
|
| 18 |
/(tcp4|udp4)/ => 'ip version 4', |
| 19 |
/(tcp6|udp6)/ => 'ip6 version 6', |
| 20 |
default => undef, |
| 21 |
} |
| 22 |
} else {
|
| 23 |
$_ip_version_filter = undef |
| 24 |
} -%> |
| 25 |
<%- if $daddr {
|
| 26 |
if $daddr =~ Stdlib::IP::Address::V6 {
|
| 27 |
$_dst_hosts = "ip6 daddr ${daddr}"
|
| 28 |
} elsif $daddr =~ Stdlib::IP::Address::V4 {
|
| 29 |
$_dst_hosts = "ip daddr ${daddr}"
|
| 30 |
} else {
|
| 31 |
$_dst_hosts = $set_type ? {
|
| 32 |
'ip' => "ip daddr ${daddr}",
|
| 33 |
'ip6' => "ip6 daddr ${daddr}",
|
| 34 |
} |
| 35 |
} |
| 36 |
} else {
|
| 37 |
$_dst_hosts = undef |
| 38 |
} -%> |
| 39 |
<%- if $saddr {
|
| 40 |
if $saddr =~ Stdlib::IP::Address::V6 {
|
| 41 |
$_src_hosts = "ip6 saddr ${saddr}"
|
| 42 |
} elsif $saddr =~ Stdlib::IP::Address::V4 {
|
| 43 |
$_src_hosts = "ip saddr ${saddr}"
|
| 44 |
} else {
|
| 45 |
$_src_hosts = $set_type ? {
|
| 46 |
'ip' => "ip saddr ${saddr}",
|
| 47 |
'ip6' => "ip6 saddr ${saddr}",
|
| 48 |
} |
| 49 |
} |
| 50 |
} else {
|
| 51 |
$_src_hosts = undef |
| 52 |
} -%> |
| 53 |
<%- if $proto and $dport {
|
| 54 |
$_dst_port = "${_proto} dport {${Array($dport, true).join(', ')}}"
|
| 55 |
} else {
|
| 56 |
$_dst_port = undef |
| 57 |
} -%> |
| 58 |
<%- if $comment {
|
| 59 |
$_comment = "comment \"${comment}\""
|
| 60 |
} else {
|
| 61 |
$_comment = undef |
| 62 |
} -%> |
| 63 |
<%- if $proto and $sport {
|
| 64 |
$_src_port = "${_proto} sport {${Array($sport, true).join(', ')}}"
|
| 65 |
} else {
|
| 66 |
$_src_port = undef |
| 67 |
} -%> |
| 68 |
<%- if $counter {
|
| 69 |
$_counter = "counter" |
| 70 |
} else {
|
| 71 |
$_counter = undef |
| 72 |
} -%> |
| 73 |
<%- if $iifname {
|
| 74 |
$_iifname = "iifname \"${iifname}\""
|
| 75 |
} else {
|
| 76 |
$_iifname = undef |
| 77 |
} -%> |
| 78 |
<%= regsubst(strip([$_ip_version_filter, $_iifname, $_src_port, $_dst_port, $_src_hosts, $_dst_hosts, $_counter, $action, $_comment].join(' ')), '\s+', ' ', 'G') -%>
|