feat: add enable/disable flag to firewall::init

2024-11-16 11:49:56 +11:00
parent b9465cd78b
commit 90ce015d43
2 changed files with 21 additions and 17 deletions
+20 -17
@@ -1,26 +1,29 @@
# manage the firewall
class firewall (
Boolean $enable = false,
Hash $ipset_queries = {},
){
$ipset_queries.each |$ipset, $query| {
$ips = sort(query_nodes($query, 'networking.ip'))
if $enable {
$ipset_queries.each |$ipset, $query| {
$ips = sort(query_nodes($query, 'networking.ip'))
nftables::set{$ipset:
type => 'ipv4_addr',
flags => ['dynamic'],
elements => $ips,
nftables::set{$ipset:
type => 'ipv4_addr',
flags => ['dynamic'],
elements => $ips,
}
}
class {'nftables':
in_ssh => false,
in_icmp => true,
out_ntp => false,
out_dns => false,
out_http => false,
out_https => false,
out_icmp => true,
out_all => false,
}
}
class {'nftables':
in_ssh => false,
in_icmp => true,
out_ntp => false,
out_dns => false,
out_http => false,
out_https => false,
out_icmp => true,
out_all => false,
}
}
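Review bot: The new `Boolean $enable = false` default fails open: a node that includes `firewall` without setting the flag now declares neither the `nftables::set` resources nor the `nftables` class, so it ends up with no managed firewall at all, and a node flipped from `true` to `false` merely stops managing the ruleset it previously applied — nothing in this hunk removes it, so the resulting host state depends on what the nftables module does with resources that are no longer declared. If the flag is meant as an opt-out, consider defaulting it to `true` so that including the class still means a firewall is applied, and make the semantics explicit in the header, e.g. `# @param enable When false the class declares nothing; a ruleset applied earlier is left as-is, not torn down.` and `# @param ipset_queries PuppetDB queries keyed by set name; each resolves to the IPv4 addresses placed in that nftables set.` The class body spans the whole hunk.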