Puppet Class: nftables::rules::llmnr

Defined in:
manifests/rules/llmnr.pp

Summary

allow incoming Link-Local Multicast Name Resolution

Overview

Parameters:

  • ipv4 (Boolean) (defaults to: true)

    Allow LLMNR over IPv4

  • ipv6 (Boolean) (defaults to: true)

    Allow LLMNR over IPv6

  • iifname (Array[String[1]]) (defaults to: [])

    optional list of incoming interfaces to filter on

See Also:

Author:

  • Tim Meusel <tim@bastelfreak.de>



12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
# File 'manifests/rules/llmnr.pp', line 12

class nftables::rules::llmnr (
  Boolean $ipv4 = true,
  Boolean $ipv6 = true,
  Array[String[1]] $iifname = [],
) {
  if empty($iifname) {
    $_iifname = ''
  } else {
    $iifdata = $iifname.map |String[1] $interface| { "\"${interface}\"" }.join(', ')
    $_iifname = "iifname { ${iifdata} } "
  }
  if $ipv4 {
    nftables::rule { 'default_in-llmnr_v4':
      content => "${_iifname}ip daddr 224.0.0.252 udp dport 5355 accept comment \"allow LLMNR\"",
    }
  }
  if $ipv6 {
    nftables::rule { 'default_in-llmnr_v6':
      content => "${_iifname}ip6 daddr ff02::1:3 udp dport 5355 accept comment \"allow LLMNR\"",
    }
  }
}