Defined Type: nftables::rules::masquerade
- Defined in:
- manifests/rules/masquerade.pp
Overview
masquerade all outgoing traffic
# File 'manifests/rules/masquerade.pp', line 2
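# @summary Adds a `masquerade` rule to a chain of the `ip-${nftables::nat_table_name}` table.
#
# With every optional matcher left unset the generated rule content is a bare
# `masquerade`, i.e. it applies to all traffic traversing the chain. Setting
# `oif`, `saddr`, `daddr`, `proto` and/or `dport` narrows the match.
#
# Security note: `oif`, `saddr`, `daddr` and a string-valued `dport` are only
# checked for type and are interpolated verbatim into the rule text. Values
# that originate outside the manifest (Hiera, facts, an ENC) should be
# validated by the caller before they reach this define.
#
# @param rulename
#   Suffix of the `nftables::rule` title (`<chain>-<rulename>`). Defaults to the
#   resource title. Letters, digits and underscore only.
# @param order
#   Two-digit ordering string handed to `nftables::rule`.
# @param chain
#   Chain name used as the prefix of the `nftables::rule` title.
# @param oif
#   When set, prepends `oifname <oif>` to the rule.
# @param saddr
#   When set, adds `ip saddr <saddr>` to the rule.
# @param daddr
#   When set, adds `ip daddr <daddr>` to the rule.
# @param proto
#   Layer-4 protocol, `tcp` or `udp`.
# @param dport
#   Destination port. Combined with `proto` it yields `<proto> dport <dport>`;
#   given without `proto` the rule matches `tcp dport <dport>`.
# @param ensure
#   Passed through to `nftables::rule`.
define nftables::rules::masquerade (
  # lint:ignore:parameter_documentation
  # \A and \z anchor the whole value. Ruby's ^ and $ match at every line
  # boundary, so a multi-line string with one conforming line would otherwise
  # pass validation.
  Pattern[/\A[a-zA-Z0-9_]+\z/] $rulename = $title,
  Pattern[/\A\d\d\z/] $order = '70',
  String[1] $chain = 'POSTROUTING',
  Optional[String[1]] $oif = undef,
  Optional[String[1]] $saddr = undef,
  Optional[String[1]] $daddr = undef,
  Optional[Enum['tcp','udp']] $proto = undef,
  Optional[Variant[String,Stdlib::Port]] $dport = undef,
  Enum['present','absent'] $ensure = 'present',
  # lint:endignore
) {
  # Each fragment is either empty or ends in a space so the pieces can be
  # concatenated directly in front of the final `masquerade` keyword.
  $oifname = $oif ? {
    undef   => '',
    default => "oifname ${oif} ",
  }
  $src = $saddr ? {
    undef   => '',
    default => "ip saddr ${saddr} ",
  }
  $dst = $daddr ? {
    undef   => '',
    default => "ip daddr ${daddr} ",
  }

  if $proto and $dport {
    $protocol = ''
    $port     = "${proto} dport ${dport} "
  } elsif $proto {
    # NOTE(review): this emits the bare protocol keyword (e.g. `tcp masquerade`).
    # Confirm nft accepts that form; a protocol-only match is usually written
    # `meta l4proto <proto>`.
    $protocol = "${proto} "
    $port     = ''
  } elsif $dport {
    # A port without a protocol silently falls back to TCP.
    $protocol = ''
    $port     = "tcp dport ${dport} "
  } else {
    $protocol = ''
    $port     = ''
  }

  nftables::rule {
    "${chain}-${rulename}":
      ensure  => $ensure,
      table   => "ip-${nftables::nat_table_name}",
      order   => $order,
      content => "${oifname}${src}${dst}${protocol}${port}masquerade";
  }
}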