Puppet Class: nftables::rules::out::dns

Defined in:
manifests/rules/out/dns.pp

Summary

Manages the nftables rules that allow outbound DNS traffic (TCP and UDP port 53).

Overview

Parameters:

  • dns_server (Array[Stdlib::IP::Address]) (defaults to: [])

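    IP addresses (IPv4 or IPv6) of the DNS servers that outbound DNS traffic may reach. When the list is empty (the default), outbound traffic to port 53 is accepted for any destination.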



# File 'manifests/rules/out/dns.pp', line 3

# @summary Allow outbound DNS (TCP and UDP port 53).
#
# @param dns_server
#   IP addresses (IPv4 or IPv6) of the DNS servers to allow. When the list is
#   empty, port 53 is accepted towards any destination.
class nftables::rules::out::dns (
  Array[Stdlib::IP::Address] $dns_server = [],
) {
  if empty($dns_server) {
    # No resolver list given: egress to port 53 is not restricted by
    # destination. Pass dns_server to limit DNS to known resolvers.
    nftables::rule { 'default_out-dnsudp':
      content => 'udp dport 53 accept',
    }
    nftables::rule { 'default_out-dnstcp':
      content => 'tcp dport 53 accept',
    }
  } else {
    $dns_server.each |$idx, $server| {
      # nftables matches IPv6 and IPv4 destinations with different keywords.
      $family = $server ? {
        Stdlib::IP::Address::V6 => 'ip6',
        Stdlib::IP::Address::V4 => 'ip',
      }
      $daddr_match = "${family} daddr ${server}"

      # One rule per protocol and server; the index keeps resource titles unique.
      nftables::rule { "default_out-dnstcp-${idx}":
        content => "${daddr_match} tcp dport 53 accept",
      }
      nftables::rule { "default_out-dnsudp-${idx}":
        content => "${daddr_match} udp dport 53 accept",
      }
    }
  }
}