Commit f6ed162f authored by mh's avatar mh

add more rules and make rule both in & out

parent f5b6d26e
# manage incoming rule
# manage simple rules
define firewall::rule (
Nftables::SimpleRuleName $rule_name = $title,
Nftables::Port $port,
Enum['tcp','udp'] $proto = 'tcp',
Enum['out','in'] $direction = 'in',
) {
include firewall
if $firewall::use_nftables {
nftables::rule {
"default_in-${rule_name}":
"default_${direction}-${rule_name}":
content => "${proto} dport ${port} accept",
}
} else {
shorewall::rule { "net-me-${rule_name}-${proto}":
source => 'net',
destination => '$FW',
if $direction == 'out' {
$source = '$FW'
$destination = 'net'
} else {
$source = 'net'
$destination = '$FW'
}
shorewall::rule { "${source}-${destination}-${rule_name}-${proto}":
source => $source,
destination => $destination,
proto => $proto,
destinationport => String($port),
order => 240,
......
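Review bot: With `direction => 'in'` the shorewall::rule title built on line 33 becomes `net-$FW-<rule_name>-<proto>`, because `$destination` is the literal string `'$FW'`; that silently replaces the former `net-me-…` title for every existing caller, so anything that refers to the old resource title sees a different resource, and a `$` now sits inside the title. Keep the zone names for `source`/`destination` but title the resource with a plain label: set `$label = 'me-net'` in the `out` branch and `$label = 'net-me'` in the `else` branch, then declare `shorewall::rule { "${label}-${rule_name}-${proto}":`. The header comment could also state what the new parameter selects, e.g. `# manage simple rules; $direction picks the in (net -> $FW) or out ($FW -> net) chain`. The shorewall::rule declaration continues past the collapsed lines after `order => 240`.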
# outgoing pyzor
class firewall::rules::out::pyzor {
include firewall
if $firewall::use_nftables {
nftables::rule {
'default_out-pyzor':
content => 'udp dport 24441 accept',
}
} else {
include shorewall::rules::out::pyzor
}
}
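Review bot: This class and firewall::rules::out::razor below have the same shape apart from port, protocol and the shorewall include, and their nftables branch is exactly what the commit's own `firewall::rule` now emits with `direction => 'out'` — e.g. `firewall::rule { 'pyzor': port => 24441, proto => 'udp', direction => 'out' }` — so both could be collapsed onto it, provided `shorewall::rules::out::pyzor` and `::razor` amount to a single `$FW -> net` rule, which this page does not show. Short of that, the header comments could carry the port so a reader need not open the rule body: `# outgoing pyzor (24441/udp)` and `# outgoing razor (2703/tcp)`.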
# outgoing razor
class firewall::rules::out::razor {
include firewall
if $firewall::use_nftables {
nftables::rule {
'default_out-razor':
content => 'tcp dport 2703 accept',
}
} else {
include shorewall::rules::out::razor
}
}