puppet-prod/modules/firewall/manifests/rules/out/ceph_client.pp

class firewall::rules::out::ceph_client (
  Array[Stdlib::Port,1] $ports = [3300, 6789],
) {
  nftables::rule {
    'default_out-ceph_client':
      content => "tcp dport { ${$ports.join(', ')}, 6800-7300 } accept",
  }
}