Puppet Class: nomad_cni::firewall::vxlan
- Defined in:
- manifests/firewall/vxlan.pp
Overview
Class: nomad_cni::firewall::vxlan
Parameters
- interface
-
String
Name of the network interface to NAT
- provider
-
Enum['iptables', 'ip6tables']
Iptables provider: iptables or ip6tables
- rule_order
-
Nomad_cni::Digits
Iptables rule order
# File 'manifests/firewall/vxlan.pp', line 15
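# @summary Export and collect the firewall rules that allow VXLAN traffic
#   (UDP port 4789) between the CNI nodes of one environment.
#
# Each node exports one accept rule per requested iptables provider, with the
# node's own address on $interface as the rule source, and collects the rules
# exported by every node carrying the same tag. The class is private to the
# module (assert_private).
#
# @param rule_order
#   Numeric prefix that orders the rule inside the CNI-ISOLATION-INPUT chain
# @param provider
#   Iptables providers to generate rules for: iptables, ip6tables or both
# @param interface
#   Name of the network interface whose address is used as the rule source
class nomad_cni::firewall::vxlan (
  Nomad_cni::Digits $rule_order,
  Array[Enum['iptables', 'ip6tables']] $provider,
  String $interface,
) {
  assert_private()

  # The exporting and the collecting side must agree on the tag, so it is
  # built once and used for both. NOTE(review): agent_specified_environment is
  # undef when the agent does not pin an environment, in which case the tag
  # degrades to "<module>_fw_" for every such node — confirm this is intended.
  $fw_tag = "${module_name}_fw_${facts['agent_specified_environment']}"

  $provider.each |$iptables_provider| {
    # Pick the address family matching the provider. An interface that has no
    # address of that family yields undef here (e.g. 'ip6' on an IPv4-only
    # interface).
    $ip_address = $iptables_provider ? {
      'iptables'  => $facts['networking']['interfaces'][$interface]['ip'],
      'ip6tables' => $facts['networking']['interfaces'][$interface]['ip6'],
    }

    # Exporting a rule with `source => undef` drops the source restriction and
    # would accept UDP 4789 from any host on every collecting node. Fail the
    # catalog instead of silently opening the port.
    if $ip_address =~ Undef {
      fail("nomad_cni::firewall::vxlan: no ${iptables_provider} address found on interface ${interface}")
    }

    @@firewall { "${rule_order} allow traffic on UDP port 4789 through ${interface} from ${ip_address} using provider ${iptables_provider}":
      tag      => $fw_tag,
      action   => accept,
      chain    => 'CNI-ISOLATION-INPUT',
      dport    => 4789,
      proto    => udp,
      provider => $iptables_provider,
      source   => $ip_address;
    }
  }

  # Realize the rules exported by all nodes of this environment, including
  # this node's own.
  Firewall <<| tag == $fw_tag |>>
}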