Puppet Class: nftables::rules::dns

Defined in:
manifests/rules/dns.pp

Summary

manage in dns

Overview

Examples:

Allow access to stub dns resolver from docker containers

class { 'nftables::rules::dns':
  iifname => ['docker0'],
}

Parameters:

  • ports (Array[Stdlib::Port,1]) (defaults to: [53])

    Specify ports for dns.

  • iifname (Optional[Array[String[1],1]]) (defaults to: undef)

    Specify input interface names.



10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
 
# File 'manifests/rules/dns.pp', line 10

class nftables::rules::dns (
  Array[Stdlib::Port,1] $ports = [53],
  Optional[Array[String[1],1]] $iifname = undef,
) {
  $_iifname = $iifname ? {
    Undef   => '',
    default => "iifname {${join($iifname, ', ')}} ",
  }

  nftables::rule {
    'default_in-dns_tcp':
      content => "${_iifname}tcp dport {${join($ports,', ')}} accept";
    'default_in-dns_udp':
      content => "${_iifname}udp dport {${join($ports,', ')}} accept";
  }
}