# @summary Accept incoming traffic to one destination port.
#
# Declares a single accept rule on the backend selected by the `firewall`
# class: an nftables::rule when $firewall::use_nftables is true, otherwise a
# shorewall::rule from zone 'net' to the firewall itself ('$FW').
#
# Neither generated rule matches on a source address, so the port is not
# restricted beyond shorewall's 'net' zone. Callers that need a narrower
# exposure have to declare the backend rule themselves.
#
# @param rule_name
#   Name fragment embedded in the generated resource titles. Defaults to the
#   title of this define.
# @param port
#   Destination port to accept.
# @param proto
#   Transport protocol, either 'tcp' or 'udp'.
#
# NOTE(review): $port is interpolated as-is into the nftables rule text and
# stringified for shorewall. If Nftables::Port admits anything other than a
# single integer (its definition is not visible here), confirm both backends
# receive syntax they accept.
# NOTE(review): the nftables title omits $proto while the shorewall title
# includes it, so two declarations sharing $rule_name but differing in $proto
# would presumably collide on the nftables backend only; confirm this is
# intended.
define firewall::rule (
  Nftables::SimpleRuleName $rule_name = $title,
  Nftables::Port $port,
  Enum['tcp','udp'] $proto,
) {
  include firewall

  if $firewall::use_nftables {
    # nftables backend: the rule text is built from the typed parameters only.
    $nft_title   = "default_in-${rule_name}"
    $nft_content = "${proto} dport ${port} accept"

    nftables::rule { $nft_title:
      content => $nft_content,
    }
  } else {
    # shorewall backend: '$FW' is single-quoted so Puppet passes it through
    # literally instead of interpolating it.
    $shorewall_title = "net-me-${rule_name}-${proto}"
    $shorewall_dport = String($port)

    shorewall::rule { $shorewall_title:
      action          => 'ACCEPT',
      source          => 'net',
      destination     => '$FW',
      proto           => $proto,
      destinationport => $shorewall_dport,
      order           => 240,
    }
  }
}