Defined Type: selinux::port
- Defined in:
- manifests/port.pp
Overview
selinux::port
This defined type manages a local SELinux network port context setting and persists it across reboots. Exactly one of `port` or `port_range` must be given.
# File 'manifests/port.pp', line 20
# Manages one local SELinux port-context mapping (a single port or an
# inclusive port range) by declaring a selinux_port resource.
#
# Exactly one of $port and $port_range has to be supplied. A range is given
# as [low, high] and is rejected when low is greater than high.
define selinux::port (
  String                                  $seltype,
  Enum['tcp', 'udp']                      $protocol,
  Optional[Integer[1,65535]]              $port       = undef,
  Optional[Tuple[Integer[1,65535], 2, 2]] $port_range = undef,
  Enum['present', 'absent']               $ensure     = 'present',
) {
  include ::selinux

  # Position this define relative to the rest of the selinux module:
  #   present: after Anchor['selinux::module post'], before Anchor['selinux::end']
  #   absent:  after Class['selinux::config'], before Anchor['selinux::module pre']
  # NOTE(review): the anchor names suggest mappings are added once modules
  # are in place and removed before modules are touched -- confirm against
  # the selinux class.
  case $ensure {
    'present': {
      Anchor['selinux::module post'] -> Selinux::Port[$title]
      Selinux::Port[$title] -> Anchor['selinux::end']
    }
    'absent': {
      Class['selinux::config'] -> Selinux::Port[$title]
      Selinux::Port[$title] -> Anchor['selinux::module pre']
    }
    default: {
      # Not reachable while the Enum type on $ensure is enforced.
      fail('Unexpected $ensure value')
    }
  }

  # Exactly one of the two port parameters may be set.
  if $port == undef {
    if $port_range == undef {
      fail("You must define either 'port' or 'port_range'")
    }
  } elsif $port_range != undef {
    fail("You can't define both 'port' and 'port_range'")
  }

  # Normalise to a [low, high] pair. After the checks above exactly one
  # parameter is set, so an undef $port means $port_range holds the pair.
  $range = $port ? {
    undef   => $port_range,
    default => [$port, $port],
  }

  # A single port always gives low == high, so only a caller-supplied
  # range can fail this check.
  unless $range[0] <= $range[1] {
    fail("Malformed port range: ${port_range}")
  }

  # The resource title encodes the protocol and both bounds.
  selinux_port { "${protocol}_${range[0]}-${range[1]}":
    ensure    => $ensure,
    seltype   => $seltype,
    protocol  => $protocol,
    low_port  => $range[0],
    high_port => $range[1],
  }
}