Defined Type: firewall::service
- Defined in:
- modules/firewall/manifests/service.pp
Summary
a shim define to support a common interface between ferm::service and nft::service
Overview
SPDX-License-Identifier: Apache-2.0
# File 'modules/firewall/manifests/service.pp', line 14
# Provider-neutral firewall rule for a single service. Depending on
# $firewall::provider the resource is declared as a ferm::service or an
# nftables::service, or as nothing at all.
#
# Points worth knowing when reviewing callers:
#  - $port, $srange and $drange carry no data type. Their shape is checked
#    only in the nftables branch; the ferm branch forwards them as given.
#  - With provider 'none' this define declares no resource, so it creates no
#    rule for the service.
#  - NOTE(review): when $srange / $drange stay undef, the nftables branch hands
#    undef to src_ips / dst_ips. Presumably that means "no address
#    restriction"; confirm in nftables::service before relying on it.
define firewall::service(
    Wmflib::Protocol               $proto,
    $port                                      = undef,
    Wmflib::Ensure                 $ensure     = present,
    Optional[String]               $desc       = '',
    Integer[0,99]                  $prio       = 10,
    Optional[Firewall::Portrange]  $port_range = undef,
    $srange                                    = undef,
    $drange                                    = undef,
    Optional[Array[String[1]]]     $src_sets   = undef,
    Optional[Array[String[1]]]     $dst_sets   = undef,
    Boolean                        $notrack    = false,
    Optional[Firewall::Qos]        $qos        = undef,
) {
    # The class must be evaluated before $firewall::provider is read below.
    include firewall

    # Replace every non-word character of the title with '_'.
    # Only the ferm branch uses this sanitised form; nftables gets the raw $title.
    $escaped_title = $title.regsubst('\W', '_', 'G')

    case $firewall::provider {
        # Firewalling disabled: declare nothing.
        'none': {}

        'ferm': {
            # NOTE(review): dump_params() presumably returns this resource's own
            # parameters as a hash, so they are forwarded unchanged; confirm in wmflib.
            ferm::service { $escaped_title:
                * => wmflib::resource::dump_params(),
            }
        }

        'nftables': {
            # Reject the String forms of srange/drange/port in this branch.
            if $srange =~ String {
                fail('The srange needs to be passed as an array of hosts or IPs')
            }
            if $drange =~ String {
                fail('The drange needs to be passed as an array of hosts or IPs')
            }
            # The pattern is unanchored, so it matches "N:N" anywhere in a string.
            # Every String is rejected by the next check as well, so this test
            # only selects the more specific error message.
            if $port =~ Pattern[/\d{1,5}:\d{1,5}/] {
                fail('The port needs to be converted to use a port_range')
            }
            if $port =~ String {
                fail('The port needs to be converted to an array; use a port or port_range')
            }

            # NOTE(review): filter_params() presumably yields the parameter hash
            # without 'drange' and 'srange'; they are re-supplied as src_ips /
            # dst_ips. hosts2ips() presumably turns host names into addresses;
            # confirm in wmflib. `.then` skips the lambda when the value is undef.
            nftables::service { $title:
                *       => wmflib::resource::filter_params('drange', 'srange'),
                src_ips => $srange.then |$sources| { wmflib::hosts2ips($sources) },
                dst_ips => $drange.then |$destinations| { wmflib::hosts2ips($destinations) },
            }
        }

        # Any other provider value aborts catalog compilation.
        default: { fail('invalid provider') }
    }
}