/manifests/rules/out/dns.pp - Diff - puppet nftables - Koumbit's Redmine

Révision d4de1bfe

ID	d4de1bfe19382d8d20cb912dabae046c531a29ef
Parent	a98c98d4
Enfant	15aaf3c5

Ajouté par tr il y a plus de 4 ans

Allow to set a list of dns servers

     # manage out dns
     class nftables::rules::out::dns {
       nftables::filter::chain::rule{
         'default_out-dnsudp':
           content => 'udp dport 53 accept';
         'default_out-dnstcp':
           content => 'tcp dport 53 accept';
     class nftables::rules::out::dns (
       Optional[Variant[String,Array[String,1]]]
         $dns_server = undef,
     ) {
       if $dns_server {
         any2array($dns_server).each |$index,$dns| {
           nftables::filter::chain::rule{
             "default_out-dnsudp-${index}":
+          }
           if $dns =~ /:/ {
             Nftables::Filter::Chain::Rule["default_out-dnsudp-${index}"]{
               content => "ip6 daddr ${dns} udp dport 53 accept",
+            }
           } else {
             Nftables::Filter::Chain::Rule["default_out-dnsudp-${index}"]{
               content => "ip daddr ${dns} udp dport 53 accept",
+            }
+          }
           nftables::filter::chain::rule{
             "default_out-dnstcp-${index}":
+          }
           if $dns =~ /:/ {
             Nftables::Filter::Chain::Rule["default_out-dnstcp-${index}"]{
               content => "ip6 daddr ${dns} tcp dport 53 accept",
+            }
           } else {
             Nftables::Filter::Chain::Rule["default_out-dnstcp-${index}"]{
               content => "ip daddr ${dns} tcp dport 53 accept",
+            }
+          }
+        }
       } else {
         nftables::filter::chain::rule{
           'default_out-dnsudp':
             content => 'udp dport 53 accept';
           'default_out-dnstcp':
             content => 'tcp dport 53 accept';
+        }
+      }
+    }

Formats disponibles : Unified diff

Projet

Général

Profil

puppet nftables

Révision d4de1bfe