root / manifests / rules / dns.pp @ fc8e52ed
Historique | Voir | Annoter | Télécharger (699 octets)
| 1 | 09cba182 | Steve Traylen | # @summary manage in dns |
|---|---|---|---|
| 2 | # @param ports Specify ports for dns. |
||
| 3 | 67cdcf15 | Steve Traylen | # @param iifname Specify input interface names. |
| 4 | # |
||
| 5 | # @example Allow access to stub dns resolver from docker containers |
||
| 6 | # class { 'nftables::rules::dns':
|
||
| 7 | # iifname => ['docker0'], |
||
| 8 | # } |
||
| 9 | # |
||
| 10 | 11bf7237 | Steve Traylen | class nftables::rules::dns ( |
| 11 | 94a80621 | Steve Traylen | Array[Stdlib::Port,1] $ports = [53], |
| 12 | 67cdcf15 | Steve Traylen | Optional[Array[String[1],1]] $iifname = undef, |
| 13 | 8227cb1c | tr | ) {
|
| 14 | 67cdcf15 | Steve Traylen | $_iifname = $iifname ? {
|
| 15 | Undef => '', |
||
| 16 | default => "iifname {${join($iifname, ', ')}} ",
|
||
| 17 | } |
||
| 18 | |||
| 19 | 11bf7237 | Steve Traylen | nftables::rule {
|
| 20 | 8227cb1c | tr | 'default_in-dns_tcp': |
| 21 | 67cdcf15 | Steve Traylen | content => "${_iifname}tcp dport {${join($ports,', ')}} accept";
|
| 22 | 8227cb1c | tr | 'default_in-dns_udp': |
| 23 | 67cdcf15 | Steve Traylen | content => "${_iifname}udp dport {${join($ports,', ')}} accept";
|
| 24 | 8227cb1c | tr | } |
| 25 | } |