Révision c1224db5
Move filter rules to inet_filter class
| manifests/inet_filter.pp | ||
|---|---|---|
| 77 | 77 |
content => 'log prefix "[nftables] FORWARD Rejected: " flags all counter reject with icmpx type port-unreachable'; |
| 78 | 78 |
} |
| 79 | 79 |
|
| 80 |
# basic outgoing rules |
|
| 81 |
if $nftables::out_all {
|
|
| 82 |
include nftables::rules::out::all |
|
| 83 |
} else {
|
|
| 84 |
if $nftables::out_ntp {
|
|
| 85 |
include nftables::rules::out::chrony |
|
| 86 |
} |
|
| 87 |
if $nftables::out_dns {
|
|
| 88 |
include nftables::rules::out::dns |
|
| 89 |
} |
|
| 90 |
if $nftables::out_http {
|
|
| 91 |
include nftables::rules::out::http |
|
| 92 |
} |
|
| 93 |
if $nftables::out_https {
|
|
| 94 |
include nftables::rules::out::https |
|
| 95 |
} |
|
| 96 |
} |
|
| 97 |
|
|
| 80 | 98 |
# basic ingoing rules |
| 81 | 99 |
if $nftables::in_ssh {
|
| 82 | 100 |
include nftables::rules::ssh |
| manifests/ip_nat.pp | ||
|---|---|---|
| 37 | 37 |
order => '02', |
| 38 | 38 |
content => 'policy accept'; |
| 39 | 39 |
} |
| 40 |
|
|
| 41 |
# basic outgoing rules |
|
| 42 |
if $nftables::out_all {
|
|
| 43 |
|
|
| 44 |
include nftables::rules::out::all |
|
| 45 |
} else {
|
|
| 46 |
if $nftables::out_ntp {
|
|
| 47 |
include nftables::rules::out::chrony |
|
| 48 |
} |
|
| 49 |
if $nftables::out_dns {
|
|
| 50 |
include nftables::rules::out::dns |
|
| 51 |
} |
|
| 52 |
if $nftables::out_http {
|
|
| 53 |
include nftables::rules::out::http |
|
| 54 |
} |
|
| 55 |
if $nftables::out_https {
|
|
| 56 |
include nftables::rules::out::https |
|
| 57 |
} |
|
| 58 |
} |
|
| 59 | 40 |
} |
Formats disponibles : Unified diff