Révision b3a7a6dd
Allow to inject custom rules
| manifests/init.pp | ||
|---|---|---|
| 4 | 4 |
# class{'nftables:
|
| 5 | 5 |
# out_ntp = false, |
| 6 | 6 |
# out_dns = true, |
| 7 |
# }
|
|
| 7 |
# } |
|
| 8 | 8 |
# |
| 9 |
# @param out_all
|
|
| 9 |
# @param out_all |
|
| 10 | 10 |
# Allow all outbound connections. If `true` then all other |
| 11 | 11 |
# out parameters `out_ntp`, `out_dns`, ... will be assuemed |
| 12 | 12 |
# false. |
| ... | ... | |
| 33 | 33 |
Boolean $out_http = true, |
| 34 | 34 |
Boolean $out_https = true, |
| 35 | 35 |
Boolean $out_all = false, |
| 36 |
Hash $rules = {},
|
|
| 36 | 37 |
) {
|
| 37 | 38 |
|
| 38 | 39 |
package{'nftables':
|
| ... | ... | |
| 68 | 69 |
|
| 69 | 70 |
include nftables::inet_filter |
| 70 | 71 |
include nftables::ip_nat |
| 72 |
|
|
| 73 |
# inject custom rules e.g. from hiera |
|
| 74 |
create_resources(nftables::rule, $rules) |
|
| 71 | 75 |
} |
Formats disponibles : Unified diff