Révision f3f2870f
Add rules for afs3_callback
In particular the AFS callback to the cache manager (7001), which is UDP and always
IPv4 since OpenAFS does not support IPv6.
https://wiki.openafs.org/devel/AFSServicePorts/
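--- a/manifests/rules/afs3_callback.pp
+++ b/manifests/rules/afs3_callback.pp
@@ -0,0 +1,16 @@
+# @summary Open call back port for AFS clients
+# @param saddr list of source network ranges to a
+# @example
+# class{'nftables::rules::afs3_callback':
+# saddr => ['192.168.0.0/16', '10.0.0.222']
+# }
+#
+class nftables::rules::afs3_callback (
+Array[Stdlib::IP::Address::V4,1] $saddr = ['0.0.0.0/0'],
+) {
+
+nftables::rule{'default_in-afs3_callback':
+content => "ip saddr { ${saddr.join(', ')} } udp dport 7001 accept";
+}
+
+}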
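Review bot: The default `$saddr = ['0.0.0.0/0']` means that including this class with no parameters accepts UDP 7001 from any IPv4 source, and the `@param saddr` line does not say so. As rendered here that line also stops mid-sentence at "to a", which may be a display artefact. Callbacks to the cache manager are normally sent by the cell's file servers, so the doc comment should state the default and recommend narrowing it. For example: `# @param saddr list of source network ranges to accept callbacks from; defaults to any IPv4 source, restrict to your AFS file servers where possible`. If the module's other rule classes do not follow an open-by-default convention, consider making `saddr` a required parameter instead.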
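--- a/spec/classes/rules/afs3_callback_spec.rb
+++ b/spec/classes/rules/afs3_callback_spec.rb
@@ -0,0 +1,27 @@
+require 'spec_helper'
+
+describe 'nftables::rules::afs3_callback' do
+on_supported_os.each do |os, os_facts|
+context "on #{os}" do
+let(:facts) { os_facts }
+
+context 'default options' do
+it { is_expected.to compile }
+it { is_expected.to contain_nftables__rule('default_in-afs3_callback') }
+it { is_expected.to contain_nftables__rule('default_in-afs3_callback').with_content('ip saddr { 0.0.0.0/0 } udp dport 7001 accept') }
+end
+
+context 'with saddr set' do
+let(:params) do
+{
+saddr: ['192.168.0.0/16', '1.2.3.4'],
+}
+end
+
+it { is_expected.to compile }
+it { is_expected.to contain_nftables__rule('default_in-afs3_callback') }
+it { is_expected.to contain_nftables__rule('default_in-afs3_callback').with_content('ip saddr { 192.168.0.0/16, 1.2.3.4 } udp dport 7001 accept') }
+end
+end
+end
+end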
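Review bot: Both contexts only pass values that are accepted, so nothing checks that the `Array[Stdlib::IP::Address::V4,1]` constraint on `saddr` rejects bad input. That type is the only guard on what gets interpolated into the rule content. Add a context with `let(:params) { { saddr: ['2001:db8::/32'] } }` (constructed sample value) and `it { is_expected.not_to compile }`, and a second one with `saddr: []`. As a style point, the bare `contain_nftables__rule('default_in-afs3_callback')` examples in each context are subsumed by the `with_content` expectations that follow and could be dropped.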