Puppet Class: nftables::bridges

Defined in:
manifests/bridges.pp

Overview

allow forwarding traffic on bridges

Parameters:

  • ensure (Enum['present','absent']) (defaults to: 'present')
  • bridgenames (Regexp) (defaults to: /^br.+/) 


2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
 
# File 'manifests/bridges.pp', line 2

class nftables::bridges (
  # lint:ignore:parameter_documentation
  Enum['present','absent'] $ensure = 'present',
  Regexp $bridgenames = /^br.+/
  # lint:endignore
) {
  if $ensure == 'present' {
    $interfaces = keys($facts['networking']['interfaces'])
    $bridges = $interfaces.filter |$items| { $items =~ $bridgenames }

    $bridges.each |String $bridge| {
      $bridge_rulename = regsubst($bridge, '-|:', '_', 'G')
      nftables::rule { "default_fwd-bridge_${bridge_rulename}_${bridge_rulename}":
        order   => '08',
        content => "iifname ${bridge} oifname ${bridge} accept",
      }
    }
  }
}