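# Accept inbound DNS traffic (by default udp and tcp on port 53), optionally
# restricted to source addresses that are members of an existing nftables set.
# One nftables::rule resource is declared per protocol/port pair.
#
# @param ports
#   Destination ports to accept.
# @param protocols
#   Transport protocols to accept; only 'tcp' and 'udp' are allowed.
# @param ipset
#   Name of an nftables set holding the allowed source addresses. When it is
#   a non-empty string the rule gains `ip saddr @<name>`; when undef or empty
#   the rule accepts from any source. The name is interpolated verbatim into
#   the rule body, so it should come from trusted configuration rather than
#   external input (a Pattern type would be a tighter guard — TODO confirm the
#   character set nftables permits for set names before adding one).
class firewall::rules::in::dns (
  Array[Stdlib::Port] $ports = [53],
  Array[Enum['tcp','udp']] $protocols = ['udp','tcp'],
  Optional[String] $ipset = undef,
) {
  # In Puppet `undef != ''` is true, so checking only for '' would, under the
  # default `$ipset = undef`, emit `... ip saddr @ accept` with an empty set
  # name. Matching on String[1] treats both undef and '' as "no restriction".
  $restrict_source = $ipset =~ String[1]

  $ports.each |$port| {
    $protocols.each |$proto| {
      $rule = $restrict_source ? {
        true    => "${proto} dport ${port} ip saddr @${ipset} accept",
        default => "${proto} dport ${port} accept",
      }

      nftables::rule { "default_in-dns_${proto}_${port}":
        content => $rule,
      }
    }
  }
}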