Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / manifests / rules / out / dns.pp @ ba5e15bd

Historique | Voir | Annoter | Télécharger (1,09 ko)

1 9da28f8c tr
# manage out dns
2 d4de1bfe tr
class nftables::rules::out::dns (
3
  Optional[Variant[String,Array[String,1]]]
4
    $dns_server = undef,
5
) {
6
  if $dns_server {
7
    any2array($dns_server).each |$index,$dns| {
8
9 8efbdf9a tr
      nftables::rule{
10 d4de1bfe tr
        "default_out-dnsudp-${index}":
11
      }
12
      if $dns =~ /:/ {
13 8efbdf9a tr
        Nftables::Rule["default_out-dnsudp-${index}"]{
14 d4de1bfe tr
          content => "ip6 daddr ${dns} udp dport 53 accept",
15
        }
16
      } else {
17 8efbdf9a tr
        Nftables::Rule["default_out-dnsudp-${index}"]{
18 d4de1bfe tr
          content => "ip daddr ${dns} udp dport 53 accept",
19
        }
20
      }
21
22 8efbdf9a tr
      nftables::rule{
23 d4de1bfe tr
        "default_out-dnstcp-${index}":
24
      }
25
      if $dns =~ /:/ {
26 8efbdf9a tr
        Nftables::Rule["default_out-dnstcp-${index}"]{
27 d4de1bfe tr
          content => "ip6 daddr ${dns} tcp dport 53 accept",
28
        }
29
      } else {
30 8efbdf9a tr
        Nftables::Rule["default_out-dnstcp-${index}"]{
31 d4de1bfe tr
          content => "ip daddr ${dns} tcp dport 53 accept",
32
        }
33
      }
34
    }
35
  } else {
36 8efbdf9a tr
    nftables::rule{
37 d4de1bfe tr
      'default_out-dnsudp':
38
        content => 'udp dport 53 accept';
39
      'default_out-dnstcp':
40
        content => 'tcp dport 53 accept';
41
    }
42 9da28f8c tr
  }
43
}