Puppet Class: profile::docker::firewall
- Defined in: modules/profile/manifests/docker/firewall.pp
Overview
SPDX-License-Identifier: Apache-2.0
Class: profile::docker::firewall
This is a simple profile class that sets up the ferm rules Docker needs: it marks the chains Docker uses in the filter and nat tables with @preserve, so that ferm keeps the rules already present in those chains.
# File 'modules/profile/manifests/docker/firewall.pp', line 6
class profile::docker::firewall {
    debian::codename::require('buster')

    # Values are from buster and docker.io 18.09.1+dfsg1-7.1+deb10u2
    $filter_chains = 'DOCKER DOCKER-USER DOCKER-ISOLATION-STAGE-1 DOCKER-ISOLATION-STAGE-2 FORWARD'
    $nat_chains = 'DOCKER PREROUTING OUTPUT POSTROUTING'

    ferm::rule { 'docker-filter-preserve':
        prio  => '00',
        chain => "(${filter_chains})",
        rule  => '@preserve;',
    }

    ferm::rule { 'docker-nat-preserve':
        prio  => '00',
        table => 'nat',
        chain => "(${nat_chains})",
        rule  => '@preserve;',
    }
}
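The chain lists above are pinned to one Docker version, so a check for drift is useful. The following is an added example, not part of this module: it parses iptables-save output and reports chains that hold Docker rules but appear in neither @preserve list. The function name, the name-prefix heuristic and the sample dump (including the extra DOCKER-INGRESS chain) are assumptions made for illustration.

```python
import re

# Chain lists copied from profile::docker::firewall above.
PRESERVED = {
    "filter": set("DOCKER DOCKER-USER DOCKER-ISOLATION-STAGE-1 "
                  "DOCKER-ISOLATION-STAGE-2 FORWARD".split()),
    "nat": set("DOCKER PREROUTING OUTPUT POSTROUTING".split()),
}

# Constructed iptables-save excerpt (not captured from a real host).
# DOCKER-INGRESS is included as a chain the class does not list.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
COMMIT
*filter
:FORWARD DROP [0:0]
:DOCKER - [0:0]
:DOCKER-USER - [0:0]
:DOCKER-INGRESS - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-INGRESS
COMMIT
"""

# A rule appended to one chain that jumps (or goes) to a DOCKER* chain.
JUMP = re.compile(r"-A (\S+) (?:.* )?-[jg] (DOCKER\S*)")

def uncovered_chains(save_output, preserved=PRESERVED):
    """Return sorted (table, chain) pairs that hold Docker rules but are in
    no @preserve list: chains named DOCKER* or containing a jump to one."""
    needed, table = set(), None
    for line in map(str.strip, save_output.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":") and line[1:].startswith("DOCKER"):
            needed.add((table, line[1:].split()[0]))
        elif (m := JUMP.match(line)):
            needed.add((table, m.group(1)))
    return sorted(tc for tc in needed if tc[1] not in preserved.get(tc[0], ()))

if __name__ == "__main__":
    for table, chain in uncovered_chains(SAMPLE):
        print(f"not preserved: table={table} chain={chain}")
```

On a host, pass the text of a real iptables-save dump to uncovered_chains() in place of SAMPLE; an empty result means every chain found by the heuristic is in one of the lists.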