puppet-prod/modules/firewall/manifests/rules/in/mysql.pp

class firewall::rules::in::mysql (
  Array[Stdlib::Port] $ports = [3306],
) {

  $ports.each |$port| {
    nftables::rule { "default_in-mysql_${port}":
      content => "tcp dport ${port} accept",
    }
  }
}