# manage the firewall
#
# Thin wrapper around the nftables module. When enabled it builds one
# nftables::set per entry of $ipset_queries from PuppetDB query results and
# then declares the nftables class with a fixed, restrictive parameter set.
# When disabled the class declares nothing at all.
#
# @param enable
#   Master switch; nothing below is declared unless this is true.
# @param ipset_queries
#   Map of set name => PuppetDB node query. Each query is resolved with
#   query_nodes() and the matching nodes' 'networking.ip' fact values become
#   the elements of an ipv4_addr set carrying the query's key as its name.
class firewall (
  Boolean $enable        = false,
  Hash    $ipset_queries = {},
) {
  if $enable {
    # One ipv4_addr set per configured query. The addresses are sorted so the
    # rendered ruleset does not churn between runs when PuppetDB returns the
    # same nodes in a different order.
    each($ipset_queries) |$set_name, $node_query| {
      $addresses = query_nodes($node_query, 'networking.ip').sort
      nftables::set { $set_name:
        type     => 'ipv4_addr',
        flags    => ['dynamic'],
        elements => $addresses,
      }
    }

    # Only ICMP is opened in either direction here; every other traffic class
    # the module exposes via these flags is left disabled.
    # NOTE(review): in_ssh => false means the module's inbound SSH rule is not
    # declared, so management access has to be allowed by a rule declared
    # elsewhere — confirm that before enabling, or applying this can cut off
    # remote administration of the node.
    class { 'nftables':
      in_ssh    => false,
      in_icmp   => true,
      out_ntp   => false,
      out_dns   => false,
      out_http  => false,
      out_https => false,
      out_icmp  => true,
      out_all   => false,
    }
  }
}