Defined Type: nftables::rules::dnat4

Defined in:
manifests/rules/dnat4.pp

Overview

Manage an IPv4 DNAT rule.

Parameters:

  • daddr (Pattern[/^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/])
  • port (Variant[String,Stdlib::Port])
  • rulename (Pattern[/^[a-zA-Z0-9_]+$/]) (defaults to: $title)
  • order (Pattern[/^\d\d$/]) (defaults to: '50')
  • chain (String[1]) (defaults to: 'default_fwd')
  • iif (Optional[String[1]]) (defaults to: undef)
  • proto (Enum['tcp','udp']) (defaults to: 'tcp')
  • dport (Optional[Variant[String,Stdlib::Port]]) (defaults to: undef)
  • ensure (Enum['present','absent']) (defaults to: 'present')


# File 'manifests/rules/dnat4.pp', line 2

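# @summary Manage an IPv4 DNAT rule together with the matching forward accept rule.
#
# Declares two nftables::rule resources: one titled "${chain}-${rulename}" that
# accepts traffic to the translated destination, and one titled
# "PREROUTING-${rulename}" in the "ip-${nftables::nat_table_name}" table that
# performs the DNAT.
#
# @param daddr
#   IPv4 address used as the DNAT target and matched as `ip daddr` in the accept rule.
# @param port
#   Destination port matched by the PREROUTING rule. Also matched by the accept
#   rule when `dport` is not set.
# @param rulename
#   Suffix of both rule resource titles.
# @param order
#   Two-digit ordering value passed to both nftables::rule resources.
# @param chain
#   Prefix of the accept rule's resource title.
# @param iif
#   Optional input interface name. When set, both rules are prefixed with
#   `iifname <iif> `.
# @param proto
#   Layer-4 protocol to match, `tcp` or `udp`.
# @param dport
#   Optional port on `daddr` to translate to. When set, it is appended to the
#   DNAT target and matched by the accept rule instead of `port`.
# @param ensure
#   Whether the two rules should be present or absent.
define nftables::rules::dnat4 (
  # lint:ignore:parameter_documentation
  # Puppet patterns are Ruby regular expressions, where ^ and $ match at every
  # line boundary, so a multi-line value passes as soon as one of its lines
  # matches. \A and \z anchor the whole string instead. Each octet is also
  # limited to 0-255 (the previous pattern accepted values up to 299).
  Pattern[/\A(?:(?:25[0-5]|2[0-4]\d|1\d\d|\d{1,2})\.){3}(?:25[0-5]|2[0-4]\d|1\d\d|\d{1,2})\z/] $daddr,
  Variant[String,Stdlib::Port] $port,
  Pattern[/\A[a-zA-Z0-9_]+\z/] $rulename = $title,
  Pattern[/\A\d\d\z/] $order = '50',
  String[1] $chain = 'default_fwd',
  Optional[String[1]] $iif = undef,
  Enum['tcp','udp'] $proto = 'tcp',
  Optional[Variant[String,Stdlib::Port]] $dport = undef,
  Enum['present','absent'] $ensure = 'present',
  # lint:endignore
) {
  # NOTE(review): $iif, $port and $dport accept free-form strings and are
  # interpolated into the rule text below without quoting or escaping. Feed
  # them only from trusted data, or constrain them at the call site.

  # Optional interface match, with a trailing space so it can be prepended as-is.
  $iifname = $iif ? {
    undef   => '',
    default => "iifname ${iif} ",
  }
  # The accept rule is written against the translated destination, so it
  # matches the translated port when one is given and the original port otherwise.
  $filter_port = $dport ? {
    undef   => $port,
    default => $dport,
  }
  # ":<port>" suffix for the DNAT target; empty keeps the original port.
  $nat_port = $dport ? {
    undef   => '',
    default => ":${dport}",
  }

  nftables::rule {
    default:
      ensure => $ensure,
      order  => $order;
    # Accept rule for traffic addressed to the translated destination.
    "${chain}-${rulename}":
      content => "${iifname}ip daddr ${daddr} ${proto} dport ${filter_port} accept";
    # NAT rule that rewrites the destination to $daddr (and $dport when set).
    "PREROUTING-${rulename}":
      table   => "ip-${nftables::nat_table_name}",
      content => "${iifname}${proto} dport ${port} dnat to ${daddr}${nat_port}";
  }
}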