root / manifests / init.pp @ c02d1b07
Historique | Voir | Annoter | Télécharger (911 octets)
| 1 | 0ba57c66 | mh | # manage nftables |
|---|---|---|---|
| 2 | be0b08e1 | tr | class nftables ( |
| 3 | Boolean $in_ssh = true, |
||
| 4 | Boolean $out_ntp = true, |
||
| 5 | Boolean $out_dns = true, |
||
| 6 | cd664666 | tr | Boolean $out_http = true, |
| 7 | be0b08e1 | tr | Boolean $out_https = true, |
| 8 | ) {
|
||
| 9 | |||
| 10 | 0ba57c66 | mh | package{'nftables':
|
| 11 | ensure => installed, |
||
| 12 | } -> file_line{
|
||
| 13 | 'enable_nftables': |
||
| 14 | line => 'include "/etc/nftables/puppet.nft"', |
||
| 15 | path => '/etc/sysconfig/nftables.conf', |
||
| 16 | notify => Service['nftables'], |
||
| 17 | } -> file{
|
||
| 18 | default: |
||
| 19 | e140adff | tr | owner => 'root', |
| 20 | group => 'root', |
||
| 21 | mode => '0640'; |
||
| 22 | 0ba57c66 | mh | '/etc/nftables/puppet.nft': |
| 23 | 5acb554a | tr | ensure => file, |
| 24 | 0ba57c66 | mh | source => 'puppet:///modules/nftables/config/puppet.nft'; |
| 25 | '/etc/nftables/puppet': |
||
| 26 | ensure => directory, |
||
| 27 | 5acb554a | tr | mode => '0750', |
| 28 | 0ba57c66 | mh | purge => true, |
| 29 | force => true, |
||
| 30 | recurse => true; |
||
| 31 | } ~> service{'nftables':
|
||
| 32 | e140adff | tr | ensure => running, |
| 33 | enable => true, |
||
| 34 | 0ba57c66 | mh | } |
| 35 | |||
| 36 | c8092701 | tr | include nftables::inet_filter |
| 37 | include nftables::ip_nat |
||
| 38 | 0ba57c66 | mh | } |