Puppet Class: nomad_cni::firewall::chain

Defined in:
manifests/firewall/chain.pp

Overview

Class: nomad_cni::firewall::chain

Parameters

provider

Array[Enum['iptables', 'ip6tables']]

Iptables providers to manage: 'iptables' (IPv4) and/or 'ip6tables' (IPv6)

rule_order

Nomad_cni::Digits

Iptables rule order: the numeric prefix placed at the start of each jump rule's title

Parameters:

  • provider (Array[Enum['iptables', 'ip6tables']])
  • rule_order (Nomad_cni::Digits)


# File 'manifests/firewall/chain.pp', line 12

# @summary Declares the CNI isolation chains and the jump rules leading into them.
#
# For each entry in $provider the class manages two firewallchain resources
# (CNI-ISOLATION-INPUT in the filter table, CNI-ISOLATION-POSTROUTING in the
# nat table) plus two firewall rules that jump to them from INPUT and
# POSTROUTING.
#
# @param provider
#   Firewall providers to manage: 'iptables' selects the IPv4 chains,
#   'ip6tables' the IPv6 chains.
# @param rule_order
#   Prefix interpolated at the start of both jump-rule titles.
#   NOTE(review): Nomad_cni::Digits is declared elsewhere; presumably a
#   digits-only string, confirm against the type alias.
class nomad_cni::firewall::chain (
  Array[Enum['iptables', 'ip6tables']] $provider,
  Nomad_cni::Digits $rule_order,
) {
  $provider.each |$backend| {
    # The Enum on $provider guarantees $backend is one of these two keys.
    $family_by_provider = {
      'iptables'  => 'IPv4',
      'ip6tables' => 'IPv6',
    }
    $family = $family_by_provider[$backend]

    # purge => true removes any rule found in these chains that Puppet does
    # not manage, so rules added by hand or by another tool are not kept;
    # anything meant to persist has to be declared as a firewall resource.
    firewallchain {
      "CNI-ISOLATION-INPUT:filter:${family}":
        ensure => present,
        purge  => true;
      "CNI-ISOLATION-POSTROUTING:nat:${family}":
        ensure => present,
        purge  => true;
    }

    # Attributes common to both jump rules. With state NEW only packets that
    # open a new connection are sent to the isolation chains; packets of
    # already-established flows do not match these jumps.
    $shared = {
      'proto'    => 'all',
      'state'    => ['NEW'],
      'provider' => $backend,
    }

    firewall {
      "${rule_order} jump to CNI-ISOLATION-INPUT chain for ${backend}":
        chain => 'INPUT',
        jump  => 'CNI-ISOLATION-INPUT',
        *     => $shared;
      "${rule_order} jump to CNI-ISOLATION-POSTROUTING chain for ${backend}":
        chain => 'POSTROUTING',
        table => 'nat',
        jump  => 'CNI-ISOLATION-POSTROUTING',
        *     => $shared;
    }
  }
}