root / manifests / bridges.pp @ 9ef3491b
Historique | Voir | Annoter | Télécharger (771 octets)
| 1 |
# allow forwarding traffic on bridges |
|---|---|
| 2 |
class nftables::bridges ( |
| 3 |
# lint:ignore:parameter_documentation |
| 4 |
Enum['present','absent'] $ensure = 'present', |
| 5 |
Regexp $bridgenames = /^br.+/ |
| 6 |
# lint:endignore |
| 7 |
) {
|
| 8 |
if $ensure == 'present' {
|
| 9 |
if $facts['networking'] {
|
| 10 |
$interfaces = keys($facts['networking']['interfaces']) |
| 11 |
} |
| 12 |
else {
|
| 13 |
$interfaces = split($facts['interfaces'], ',') |
| 14 |
} |
| 15 |
$bridges = $interfaces.filter |$items| { $items =~ $bridgenames }
|
| 16 |
|
| 17 |
$bridges.each |String $bridge| {
|
| 18 |
$bridge_rulename = regsubst($bridge, '-|:', '_', 'G') |
| 19 |
nftables::rule { "default_fwd-bridge_${bridge_rulename}_${bridge_rulename}":
|
| 20 |
order => '08', |
| 21 |
content => "iifname \"${bridge}\" oifname \"${bridge}\" accept",
|
| 22 |
} |
| 23 |
} |
| 24 |
} |
| 25 |
} |