Defined Type: nftables::rules::snat4

Defined in:
manifests/rules/snat4.pp

Summary

Manage an IPv4 SNAT rule

Overview

Parameters:

  • snat (String[1])
  • rulename (Pattern[/^[a-zA-Z0-9_]+$/]) (defaults to: $title)
  • order (Pattern[/^\d\d$/]) (defaults to: '70')
  • chain (String[1]) (defaults to: 'POSTROUTING')
  • oif (Optional[String[1]]) (defaults to: undef)
  • saddr (Optional[String[1]]) (defaults to: undef)
  • proto (Optional[Enum['tcp','udp']]) (defaults to: undef)
  • dport (Optional[Variant[String,Stdlib::Port]]) (defaults to: undef)
  • ensure (Enum['present','absent']) (defaults to: 'present')


# File 'manifests/rules/snat4.pp', line 2

# Declares one nftables::rule in the IPv4 nat table whose content is
#   [oifname OIF ][ip saddr SADDR ][L4 match ]snat SNAT
# where each bracketed part is emitted only when its parameter is set.
#
# Review note (hardening): $snat, $oif, $saddr and a String $dport are
# interpolated into the rule text verbatim. The types here only require a
# non-empty string (any string at all for $dport), so feed these from trusted
# data only or validate them before they reach this define. Whether
# nftables::rule sanitises its content is not visible from this file.
#
# @param snat     Text placed after the `snat` keyword (the translation target).
# @param rulename Rule name; combined with $chain to form the resource title.
# @param order    Two-digit ordering value passed through to nftables::rule.
# @param chain    Chain name, used as the prefix of the resource title.
# @param oif      Optional value matched with `oifname`.
# @param saddr    Optional value matched with `ip saddr`.
# @param proto    Optional layer-4 protocol, `tcp` or `udp`.
# @param dport    Optional destination port; `tcp` is assumed when $proto is unset.
# @param ensure   Passed through to nftables::rule.
define nftables::rules::snat4 (
  # lint:ignore:parameter_documentation
  String[1] $snat,
  Pattern[/^[a-zA-Z0-9_]+$/] $rulename = $title,
  Pattern[/^\d\d$/] $order = '70',
  String[1] $chain = 'POSTROUTING',
  Optional[String[1]] $oif = undef,
  Optional[String[1]] $saddr = undef,
  Optional[Enum['tcp','udp']] $proto = undef,
  Optional[Variant[String,Stdlib::Port]] $dport = undef,
  Enum['present','absent'] $ensure = 'present',
  # lint:endignore
) {
  # Outgoing-interface match, empty when no interface was given.
  if $oif {
    $match_oif = "oifname ${oif} "
  } else {
    $match_oif = ''
  }

  # Source-address match, empty when no source address was given.
  if $saddr {
    $match_src = "ip saddr ${saddr} "
  } else {
    $match_src = ''
  }

  # Layer-4 match. A port always needs a protocol keyword in front of it, so
  # a port given without a protocol falls back to tcp.
  if $dport {
    $l4proto = $proto ? {
      undef   => 'tcp',
      default => $proto,
    }
    $match_l4 = "${l4proto} dport ${dport} "
  } elsif $proto {
    # NOTE(review): this emits a bare "tcp " / "udp " in front of `snat`.
    # Confirm that nft accepts a bare protocol keyword as a match; the usual
    # spellings are `ip protocol <proto>` or `meta l4proto <proto>`.
    $match_l4 = "${proto} "
  } else {
    $match_l4 = ''
  }

  nftables::rule { "${chain}-${rulename}":
    ensure  => $ensure,
    table   => "ip-${nftables::nat_table_name}",
    order   => $order,
    content => "${match_oif}${match_src}${match_l4}snat ${snat}",
  }
}