# @summary Adds an iptables "allow" rule for the host for a port.
#
# Rules with the same ordering are ordered by the rule name.
#
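define kandra::firewall_allow (
  # Value passed to --dport. The empty default means the resource title is
  # used as the port instead.
  $port = '',
  # Value passed to -p.
  $proto = 'tcp',
  # Order of the concat fragments within the rules files.
  $order = '50',
) {
  # Fall back to the resource title when no explicit port is given.
  if $port == '' {
    $portname = $name
  } else {
    $portname = $port
  }

  # port, proto and the title are interpolated verbatim into one line of the
  # shared rules files. A line break in any of them would end the rule early
  # and add further lines to the ruleset, so refuse it at catalog compilation.
  if "${portname}${proto}${name}" =~ /[\r\n]/ {
    fail("kandra::firewall_allow: port, proto and title must not contain line breaks (title: ${name})")
  }

  # The title is also written inside a double-quoted --comment string; a double
  # quote or backslash in it would change where that string ends.
  if $name =~ /["\\]/ {
    fail("kandra::firewall_allow: title must not contain double quotes or backslashes (title: ${name})")
  }

  # NOTE(review): the fragment titles are built from the port only, so two
  # declarations for the same port with different protocols would use the same
  # fragment title - confirm whether that combination is needed.
  # The rule has no source match, so the port is accepted from any address.
  concat::fragment { "iptables_v4_${portname}":
    target  => '/etc/iptables/rules.v4',
    order   => $order,
    content => "-A INPUT -p ${proto} --dport ${portname} -j ACCEPT -m comment --comment \"${name}\"\n",
  }

  # Same rule for IPv6, written to the v6 rules file.
  concat::fragment { "iptables_v6_${portname}":
    target  => '/etc/iptables/rules.v6',
    order   => $order,
    content => "-A INPUT -p ${proto} --dport ${portname} -j ACCEPT -m comment --comment \"${name}\"\n",
  }
}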