Projet

Général

Profil

Paste
Télécharger au format
Statistiques
| Branche: | Révision:

root / templates / simplerule.epp @ d7d6d5d3

Historique | Voir | Annoter | Télécharger (2,16 ko)

1 55277023 Nacho Barrientos 
<%- | String                   $action,
2 
      Optional[String]         $comment,
3 
      Boolean                  $counter,
4 f1ef02c5 Nacho Barrientos 
      Optional[Nftables::Addr] $daddr,
5 09b07e56 Nacho Barrientos 
      Optional[Nftables::Port] $dport,
6 55277023 Nacho Barrientos 
      Optional[String]         $proto,
7 f1ef02c5 Nacho Barrientos 
      Optional[Nftables::Addr] $saddr,
8 42e7f3ea Nacho Barrientos 
      String                   $set_type,
9 09b07e56 Nacho Barrientos 
      Optional[Nftables::Port] $sport,
10 25b3f3f4 Tim Meusel 
      Optional[String[1]]      $iifname,
11 d7d6d5d3 Tim Meusel 
      Optional[String[1]]      $oifname,
12 83382bb5 Nacho Barrientos 
| -%>
13 316bc3f8 Nacho Barrientos 
<%- if $proto {
14 
  $_proto = $proto ? {
15 
    /tcp(4|6)?/ => 'tcp',
16 
    /udp(4|6)?/ => 'udp',
17 
  }
18 
  $_ip_version_filter = $proto ? {
19 
    /(tcp4|udp4)/ => 'ip version 4',
20 1d56f209 Nacho Barrientos 
    /(tcp6|udp6)/ => 'ip6 version 6',
21 316bc3f8 Nacho Barrientos 
    default       => undef,
22 
  }
23 
} else {
24 
  $_ip_version_filter = undef
25 
} -%>
26 aaa37172 Nacho Barrientos 
<%- if $daddr {
27 
  if $daddr =~ Stdlib::IP::Address::V6 {
28 
    $_dst_hosts = "ip6 daddr ${daddr}"
29 
  } elsif $daddr =~ Stdlib::IP::Address::V4 {
30 
    $_dst_hosts = "ip daddr ${daddr}"
31 
  } else {
32 
    $_dst_hosts = $set_type ? {
33 
      'ip'  => "ip daddr ${daddr}",
34 
      'ip6' => "ip6 daddr ${daddr}",
35 
    }
36 
  }
37 
} else {
38 
  $_dst_hosts = undef
39 
} -%>
40 3a469f2b Nacho Barrientos 
<%- if $saddr {
41 
  if $saddr =~ Stdlib::IP::Address::V6 {
42 
    $_src_hosts = "ip6 saddr ${saddr}"
43 bd8baa0f Nacho Barrientos 
  } elsif $saddr =~ Stdlib::IP::Address::V4 {
44 3a469f2b Nacho Barrientos 
    $_src_hosts = "ip saddr ${saddr}"
45 
  } else {
46 
    $_src_hosts = $set_type ? {
47 
      'ip'  => "ip saddr ${saddr}",
48 
      'ip6' => "ip6 saddr ${saddr}",
49 
    }
50 
  }
51 
} else {
52 
  $_src_hosts = undef
53 
} -%>
54 3a52fb41 Nacho Barrientos 
<%- if $proto and $dport {
55 6793d286 Nacho Barrientos 
  $_dst_port = "${_proto} dport {${Array($dport, true).join(', ')}}"
56 83382bb5 Nacho Barrientos 
} else {
57 aaa37172 Nacho Barrientos 
  $_dst_port = undef
58 83382bb5 Nacho Barrientos 
} -%>
59 
<%- if $comment {
60 
  $_comment = "comment \"${comment}\""
61 
} else {
62 
  $_comment = undef
63 
} -%>
64 77abc10b Nacho Barrientos 
<%- if $proto and $sport {
65 
  $_src_port = "${_proto} sport {${Array($sport, true).join(', ')}}"
66 
} else {
67 
  $_src_port = undef
68 
} -%>
69 d43ced4d Nacho Barrientos 
<%- if $counter {
70 
  $_counter = "counter"
71 
} else {
72 
  $_counter = undef
73 
} -%>
74 25b3f3f4 Tim Meusel 
<%- if $iifname {
75 
  $_iifname = "iifname \"${iifname}\""
76 
} else {
77 
  $_iifname = undef
78 
} -%>
79 d7d6d5d3 Tim Meusel 
<%- if $oifname {
80 
  $_oifname = "oifname \"${oifname}\""
81 
} else {
82 
  $_oifname = undef
83 
} -%>
84 
<%= regsubst(strip([$_ip_version_filter, $_iifname, $_oifname, $_src_port, $_dst_port, $_src_hosts, $_dst_hosts, $_counter, $action, $_comment].join(' ')), '\s+', ' ', 'G') -%>