root / manifests / simplerule.pp @ fb65734d
Historique | Voir | Annoter | Télécharger (1,01 ko)
| 1 |
# This class is meant to be useful to ease the migration from the Firewall type |
|---|---|
| 2 |
# for simple use cases. The coverage of all the casuistry is rather low so for |
| 3 |
# any case not covered by nftables::simplerule please just use nftables::rule. |
| 4 |
define nftables::simplerule( |
| 5 |
Enum['present','absent'] |
| 6 |
$ensure = 'present', |
| 7 |
Pattern[/^[-a-zA-Z0-9_]+$/] |
| 8 |
$rulename = $title, |
| 9 |
Pattern[/^\d\d$/] |
| 10 |
$order = '50', |
| 11 |
String |
| 12 |
$chain = 'default_in', |
| 13 |
Optional[String] |
| 14 |
$table = 'inet-filter', |
| 15 |
Enum['accept', 'drop'] |
| 16 |
$action = 'accept', |
| 17 |
Optional[String] |
| 18 |
$comment = undef, |
| 19 |
Optional[Integer[1, 65535]] |
| 20 |
$dport = undef, |
| 21 |
Optional[Enum['tcp', 'udp']] |
| 22 |
$proto = undef, |
| 23 |
){
|
| 24 |
|
| 25 |
if $ensure == 'present' {
|
| 26 |
nftables::rule{"${chain}-${rulename}":
|
| 27 |
content => epp('nftables/simplerule.epp',
|
| 28 |
{
|
| 29 |
'action' => $action, |
| 30 |
'comment' => $comment, |
| 31 |
'dport' => $dport, |
| 32 |
'proto' => $proto, |
| 33 |
} |
| 34 |
), |
| 35 |
order => $order, |
| 36 |
table => $table, |
| 37 |
} |
| 38 |
} |
| 39 |
} |