root / templates / simplerule.epp @ d43ced4d
Historique | Voir | Annoter | Télécharger (1,48 ko)
| 1 |
<%- | String $action, |
|---|---|
| 2 |
Optional[String] $comment, |
| 3 |
Optional[Variant[Array[Stdlib::Port, 1], Stdlib::Port, String]] $dport, |
| 4 |
Optional[String] $proto, |
| 5 |
Optional[Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Pattern[/^@[-a-zA-Z0-9_]+$/]]] $daddr, |
| 6 |
Enum['ip', 'ip6'] $set_type, |
| 7 |
Boolean $counter, |
| 8 |
| -%> |
| 9 |
<%- if $proto {
|
| 10 |
$_proto = $proto ? {
|
| 11 |
/tcp(4|6)?/ => 'tcp', |
| 12 |
/udp(4|6)?/ => 'udp', |
| 13 |
} |
| 14 |
$_ip_version_filter = $proto ? {
|
| 15 |
/(tcp4|udp4)/ => 'ip version 4', |
| 16 |
/(tcp6|udp6)/ => 'ip version 6', |
| 17 |
default => undef, |
| 18 |
} |
| 19 |
} else {
|
| 20 |
$_ip_version_filter = undef |
| 21 |
} -%> |
| 22 |
<%- if $daddr {
|
| 23 |
if $daddr =~ Stdlib::IP::Address::V6 {
|
| 24 |
$_dst_hosts = "ip6 daddr ${daddr}"
|
| 25 |
} elsif $daddr =~ Stdlib::IP::Address::V4 {
|
| 26 |
$_dst_hosts = "ip daddr ${daddr}"
|
| 27 |
} else {
|
| 28 |
$_dst_hosts = $set_type ? {
|
| 29 |
'ip' => "ip daddr ${daddr}",
|
| 30 |
'ip6' => "ip6 daddr ${daddr}",
|
| 31 |
} |
| 32 |
} |
| 33 |
} else {
|
| 34 |
$_dst_hosts = undef |
| 35 |
} -%> |
| 36 |
<%- if $proto and $dport {
|
| 37 |
if $dport =~ Array {
|
| 38 |
$_dst_port = "${_proto} dport {${dport.join(', ')}}"
|
| 39 |
} else {
|
| 40 |
$_dst_port = "${_proto} dport $dport"
|
| 41 |
} |
| 42 |
} else {
|
| 43 |
$_dst_port = undef |
| 44 |
} -%> |
| 45 |
<%- if $comment {
|
| 46 |
$_comment = "comment \"${comment}\""
|
| 47 |
} else {
|
| 48 |
$_comment = undef |
| 49 |
} -%> |
| 50 |
<%- if $counter {
|
| 51 |
$_counter = "counter" |
| 52 |
} else {
|
| 53 |
$_counter = undef |
| 54 |
} -%> |
| 55 |
<%= regsubst(strip([$_ip_version_filter, $_dst_port, $_dst_hosts, $_counter, $action, $_comment].join(' ')), '\s+', ' ', 'G') -%>
|