Defined Type: ferm::filter_log

Defined in:
modules/ferm/manifests/filter_log.pp

Overview

defines a custom ferm rule to filter logs

Parameters:

  • ensure (Wmflib::Ensure) (defaults to: present)
  • proto (Optional[Enum['tcp', 'udp']]) (defaults to: undef)
  • saddr (Optional[Stdlib::IP::Address]) (defaults to: undef)
  • daddr (Optional[Stdlib::IP::Address]) (defaults to: undef)
  • sport (Optional[Stdlib::Port]) (defaults to: undef)
  • dport (Optional[Stdlib::Port]) (defaults to: undef) 


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
 
# File 'modules/ferm/manifests/filter_log.pp', line 2

define ferm::filter_log (
    Wmflib::Ensure                $ensure = present,
    Optional[Enum['tcp', 'udp']]  $proto = undef,
    Optional[Stdlib::IP::Address] $saddr = undef,
    Optional[Stdlib::IP::Address] $daddr = undef,
    Optional[Stdlib::Port]        $sport = undef,
    Optional[Stdlib::Port]        $dport = undef,
) {
  $_proto = $proto ? {
    undef   => '',
    default => "proto ${proto}",
  }
  $_saddr = $saddr ? {
    undef   => '',
    default => "saddr ${saddr}",
  }
  $_daddr = $daddr ? {
    undef   => '',
    default => "daddr ${daddr}",
  }
  $_sport = $sport ? {
    undef   => '',
    default => "sport ${sport}",
  }
  $_dport = $dport ? {
    undef   => '',
    default => "dport ${dport}",
  }
  ferm::rule { "filter_log_${name}":
    ensure => $ensure,
    rule   => "${_proto} ${_saddr} ${_daddr} ${_sport} ${_dport} DROP;",
    prio   => '98',
  }
}