Diffstat (limited to 'manifests/rule.pp')
-rw-r--r-- | manifests/rule.pp | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/manifests/rule.pp b/manifests/rule.pp
new file mode 100644
index 0000000..679f09d
--- /dev/null
+++ b/manifests/rule.pp
@@ -0,0 +1,39 @@
+define ferm::rule (
+ Ferm::Chains $chain,
+ Ferm::Policies $policy,
+ Ferm::Protocols $proto,
+ String $comment = $name,
+ Optional[Variant[Integer,String]] $dport = undef,
+ Optional[Variant[Integer,String]] $sport = undef,
+ Optional[String] $saddr = undef,
+ Optional[String] $daddr = undef,
+ Enum['absent','present'] $ensure = 'present',
+){
+ $proto_real = "proto ${proto}"
+
+ $dport_real = $dport ? {
+ undef => '',
+ default => "dport ${dport}",
+ }
+ $sport_real = $sport ? {
+ undef => '',
+ default => "sport ${sport}",
+ }
+ $saddr_real = $saddr ? {
+ undef => '',
+ default => "saddr @ipfilter(${saddr})",
+ }
+ $daddr_real = $daddr ? {
+ undef => '',
+ default => "daddr @ipfilter(${daddr})"
+ }
+ $comment_real = "mod comment comment '${comment}'"
+
+ $rule = squeeze("${comment_real} ${proto_real} ${dport_real} ${sport_real} ${daddr_real} ${saddr_real} ${policy};", ' ')
+ if $ensure == 'present' {
+ concat::fragment{"${chain}-${name}":
+ target => "/etc/ferm.d/chains/${chain}.conf",
+ content => "${rule}\n",
+ }
+ }
+} |
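Review bot: `$comment` (which defaults to `$name`, i.e. the resource title), `$dport`, `$sport`, `$saddr` and `$daddr` are interpolated into the ferm rule text with no escaping, so a value containing a single quote, a closing parenthesis or a newline terminates the `mod comment comment '…'` literal or the `@ipfilter(…)` call and the remainder is parsed by ferm as configuration rather than as data. The parameter types are too loose to catch this at catalog compile time: `String` and `Variant[Integer,String]` accept anything. Consider tightening them, for example `Pattern[/\A[^'\n]*\z/] $comment = $name` and a port-list pattern for `$dport`/`$sport`, and for `$saddr`/`$daddr` an address type such as `Stdlib::IP::Address` if puppetlabs-stdlib is available to this module (otherwise a pattern that excludes `)` and whitespace), so that a malformed value fails the compile instead of being written into `/etc/ferm.d/chains/${chain}.conf`. A minor side effect worth a comment on the `squeeze` line: it also collapses runs of spaces inside the comment text itself, since the whole rule string is squeezed after interpolation.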