Defined Type: nftables::rules::dnat4
- Defined in:
- manifests/rules/dnat4.pp
Overview
Manage an IPv4 DNAT rule.
# File 'manifests/rules/dnat4.pp', line 2
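# @summary Manage an IPv4 DNAT rule.
#
# Declares two nftables::rule resources that share $ensure and $order:
#   * "${chain}-${rulename}"     - accepts traffic to $daddr on the filter port
#   * "PREROUTING-${rulename}"   - rewrites the destination to $daddr in the
#                                  "ip-${nftables::nat_table_name}" table
#
# Every parameter except $ensure and $order ends up inside nft rule text or a
# resource title, so the data types below are the only input validation this
# define performs.
#
# @param daddr
#   IPv4 address the traffic is translated to; also matched as `ip daddr` in
#   the accept rule.
# @param port
#   Destination port matched by the dnat rule. Also used as the accept rule's
#   port when $dport is not set.
# @param rulename
#   Suffix of both rule resource titles. Defaults to the resource title.
# @param order
#   Two-digit ordering string passed to both nftables::rule resources.
# @param chain
#   Prefix of the accept rule's resource title.
# @param iif
#   When set, both rules are prefixed with `iifname <iif>`.
# @param proto
#   Layer-4 protocol matched by both rules.
# @param dport
#   When set, appended to the dnat target as `:<dport>` and used as the accept
#   rule's port instead of $port.
# @param ensure
#   Passed to both nftables::rule resources.
define nftables::rules::dnat4 (
  # lint:ignore:parameter_documentation
  # Patterns are anchored with \A and \z rather than ^ and $: Puppet patterns
  # use Ruby regex semantics, where ^ and $ match at every line boundary, so a
  # multi-line string whose first line is well-formed would otherwise pass
  # validation and be interpolated into the rule text or title.
  # NOTE(review): the octet expression still accepts values up to 299; stdlib's
  # Stdlib::IP::Address::V4::Nosubnet is stricter, but also rejects forms this
  # pattern accepts (e.g. a leading zero) - confirm before switching.
  Pattern[/\A[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\z/] $daddr,
  Variant[String,Stdlib::Port] $port,
  Pattern[/\A[a-zA-Z0-9_]+\z/] $rulename = $title,
  Pattern[/\A\d\d\z/] $order = '50',
  # NOTE(review): $chain, $iif and the String form of $port/$dport are checked
  # for type only, not content, and are placed unquoted into rule text or a
  # title. Confirm the data feeding them (Hiera, ENC, exported resources) is
  # trusted, or tighten these types.
  String[1] $chain = 'default_fwd',
  Optional[String[1]] $iif = undef,
  Enum['tcp','udp'] $proto = 'tcp',
  Optional[Variant[String,Stdlib::Port]] $dport = undef,
  Enum['present','absent'] $ensure = 'present',
  # lint:endignore
) {
  # Optional input-interface match; the trailing space separates it from the
  # rest of the rule when present.
  $iifname = $iif ? {
    undef   => '',
    default => "iifname ${iif} ",
  }

  # The accept rule matches the translated port when one is given, otherwise
  # the original port. (The dnat rule is declared under a PREROUTING title, so
  # it presumably runs before the accept rule - confirm against nftables::rule.)
  $filter_port = $dport ? {
    undef   => $port,
    default => $dport,
  }

  # Port suffix for the dnat target; empty keeps the original destination port.
  $nat_port = $dport ? {
    undef   => '',
    default => ":${dport}",
  }

  nftables::rule {
    default:
      ensure => $ensure,
      order  => $order;
    "${chain}-${rulename}":
      content => "${iifname}ip daddr ${daddr} ${proto} dport ${filter_port} accept";
    "PREROUTING-${rulename}":
      table   => "ip-${nftables::nat_table_name}",
      content => "${iifname}${proto} dport ${port} dnat to ${daddr}${nat_port}";
  }
}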