Révision e17693e3
New parameter out_all, default false
In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.
The default is false, so the change is backwards compatible.
If true, all the other outbound rules (ntp, ...) are disabled
since they are not needed.
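--- a/manifests/ip_nat.pp
+++ b/manifests/ip_nat.pp
@@ -39,16 +39,21 @@
 }
 
 # basic outgoing rules
-if $nftables::out_ntp {
-include nftables::rules::out::chrony
-}
-if $nftables::out_dns {
-include nftables::rules::out::dns
-}
-if $nftables::out_http {
-include nftables::rules::out::http
-}
-if $nftables::out_https {
-include nftables::rules::out::https
+if $nftables::out_all {
+
+include nftables::rules::out::all
+} else {
+if $nftables::out_ntp {
+include nftables::rules::out::chrony
+}
+if $nftables::out_dns {
+include nftables::rules::out::dns
+}
+if $nftables::out_http {
+include nftables::rules::out::http
+}
+if $nftables::out_https {
+include nftables::rules::out::https
+}
 }
 }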
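Review bot: The new `if $nftables::out_all {` branch has no comment saying that it replaces the per-service egress allow-list with a blanket allow on the out chain. With that set, the host no longer restricts outbound connections, and `out_ntp`, `out_dns`, `out_http` and `out_https` are silently ignored. I would add above the `if` something like `# out_all accepts every outbound packet; the out_* switches below are ignored when it is set, so egress is unfiltered`. I would also drop the empty line that follows the opening brace. The parameter declaration and the start of the enclosing class are outside this hunk, so whether `out_all` is typed as `Boolean` and documented there cannot be checked from here.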