Ben Vincent
b9465cd78b
- create classes for each class of in/out traffic - use hier_include to add firewall rules to each role
17 lines
366 B
Puppet
17 lines
366 B
Puppet
class firewall::rules::in::sshd (
|
|
Array[Stdlib::Port] $ports = [22],
|
|
Optional[String] $ipset = undef,
|
|
) {
|
|
|
|
$ports.each |$port| {
|
|
if $ipset != '' {
|
|
$rule = "tcp dport ${port} ip saddr @${ipset} accept"
|
|
}else{
|
|
$rule = "tcp dport ${port} accept"
|
|
}
|
|
nftables::rule { "default_in-sshd_tcp_${port}":
|
|
content => $rule,
|
|
}
|
|
}
|
|
}
|