root / manifests / rules / ssdp.pp @ c00bcf2d
Historique | Voir | Annoter | Télécharger (573 octets)
| 1 | 50a5be8b | Tim Meusel | # |
|---|---|---|---|
| 2 | # @summary allow incoming SSDP |
||
| 3 | # |
||
| 4 | # @param ipv4 Allow SSDP over IPv4 |
||
| 5 | # @param ipv6 Allow SSDP over IPv6 |
||
| 6 | # |
||
| 7 | # @see https://datatracker.ietf.org/doc/html/draft-cai-ssdp-v1-03 |
||
| 8 | # |
||
| 9 | class nftables::rules::ssdp ( |
||
| 10 | Boolean $ipv4 = true, |
||
| 11 | Boolean $ipv6 = true, |
||
| 12 | ) {
|
||
| 13 | if $ipv4 {
|
||
| 14 | nftables::rule { 'default_in-ssdp_v4':
|
||
| 15 | content => 'ip daddr 239.255.255.250 udp dport 1900 accept comment "accept SSDP"', |
||
| 16 | } |
||
| 17 | } |
||
| 18 | if $ipv6 {
|
||
| 19 | nftables::rule { 'default_in-ssdp_v6':
|
||
| 20 | content => 'ip6 daddr {ff02::c, ff05::c} udp dport 1900 accept comment "accept SSDP"',
|
||
| 21 | } |
||
| 22 | } |
||
| 23 | } |