# @summary Outbound nftables rules for a Consul agent.
#
# Declares seven nftables::rule resources, all titled with the
# `default_out-consul_` prefix: serf gossip on 8301 and 8302 (UDP and TCP)
# to any destination, and TCP 8300, 8500 and 8503 only towards addresses
# in the named set.
#
# @param ipset
#   Name of the nftables set referenced as `@<name>` by the server rules.
#   NOTE(review): the set itself is not defined in this class; presumably it
#   is declared elsewhere and holds the Consul server addresses -- confirm.
#   The value is interpolated into the rule text as-is.
class firewall::rules::out::consul (
  String $ipset = 'consul',
) {
  # Serf gossip: 8301 (LAN) and 8302 (WAN), over both UDP and TCP.
  # NOTE(review): unlike the server rules below, these four rules carry no
  # destination match, so egress on these ports is accepted to any host.
  # Confirm that this is intended rather than an omitted `ip daddr` filter.
  nftables::rule {
    'default_out-consul_udp_8301':
      content => 'udp dport 8301 accept';
    'default_out-consul_tcp_8301':
      content => 'tcp dport 8301 accept';
    'default_out-consul_udp_8302':
      content => 'udp dport 8302 accept';
    'default_out-consul_tcp_8302':
      content => 'tcp dport 8302 accept';
  }

  # Traffic to the Consul servers, limited to members of the set.
  # `ip daddr` matches IPv4 destinations only; IPv6 peers are not covered
  # by these rules.
  # NOTE(review): 8500 is Consul's default port for the plain-HTTP API;
  # confirm that unencrypted API traffic to the servers is expected here.
  nftables::rule {
    'default_out-consul_tcp_8300':
      content => "tcp dport 8300 ip daddr @${ipset} accept";
    'default_out-consul_tcp_8500':
      content => "tcp dport 8500 ip daddr @${ipset} accept";
    'default_out-consul_tcp_8503':
      content => "tcp dport 8503 ip daddr @${ipset} accept";
  }
}