puppet nftables

<%- | String                  $action,

      Optional[String]        $comment,

      Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, String]] $dport,

      Optional[String]        $proto,

      Optional[Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Pattern[/^@[-a-zA-Z0-9_]+$/]]] $daddr,

      Enum['ip', 'ip6']       $set_type,

| -%>

<%- if $proto {

  $_proto = $proto ? {

    /tcp(4|6)?/ => 'tcp',

    /udp(4|6)?/ => 'udp',

  }

  $_ip_version_filter = $proto ? {

    /(tcp4|udp4)/ => 'ip version 4',

    /(tcp6|udp6)/ => 'ip version 6',

    default       => undef,

  }

} else {

  $_ip_version_filter = undef

} -%>

<%- if $daddr {

  if $daddr =~ Stdlib::IP::Address::V6 {

    $_dst_hosts = "ip6 daddr ${daddr}"

  } elsif $daddr =~ Stdlib::IP::Address::V4 {

    $_dst_hosts = "ip daddr ${daddr}"

  } else {

    $_dst_hosts = $set_type ? {

      'ip'  => "ip daddr ${daddr}",

      'ip6' => "ip6 daddr ${daddr}",

    }

  }

} else {

  $_dst_hosts = undef

} -%>

<%- if $proto and $dport {

  if $dport =~ Array {

    $_dst_port = "${_proto} dport {${dport.join(', ')}}"

  } else {

    $_dst_port = "${_proto} dport $dport"

  }

} else {

  $_dst_port = undef

} -%>

<%- if $comment {

  $_comment = "comment \"${comment}\""

} else {

  $_comment = undef

} -%>

<%= regsubst(strip([$_ip_version_filter, $_dst_port, $_dst_hosts, $action, $_comment].join(' ')), '\s+', ' ', 'G') -%>