Defined Type: nftables::helper

Defined in:
manifests/helper.pp

Summary

manage a conntrack helper

Overview

Examples:

FTP helper

nftables::helper { 'ftp-standard':
  content => 'type "ftp" protocol tcp;',
}

Parameters:

  • content (String)

    Conntrack helper definition (the body of the generated `ct helper` block).

  • table (Pattern[/^(ip|ip6|inet)-[a-zA-Z0-9_]+$/]) (defaults to: 'inet-filter')

    The name of the table to add this helper to.

  • helper (Pattern[/^[a-zA-Z0-9_][A-z0-9_-]*$/]) (defaults to: $title)

    The symbolic name for the helper.



# File 'manifests/helper.pp', line 14

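# @summary manage a conntrack helper
#
# Renders a `ct helper <name> { ... }` block into a concat file under
# /etc/nftables/puppet-preflight, notifies `Exec['nft validate']`, and only
# after that exec copies the file into /etc/nftables/puppet and notifies
# `Service['nftables']`. `$content` is written verbatim between the generated
# header and the closing brace; the validate step is the only check it
# receives before it reaches the live directory.
#
# @example FTP helper
#   nftables::helper { 'ftp-standard':
#     content => 'type "ftp" protocol tcp;',
#   }
#
# @param content
#   Conntrack helper definition (the body of the `ct helper` block).
# @param table
#   The name of the table to add this helper to. Interpolated into file
#   names under /etc/nftables, hence the restricted character class.
# @param helper
#   The symbolic name for the helper. Also interpolated into file names and
#   into the `ct helper` header, hence the restricted character class.
define nftables::helper (
  String $content,
  # \A/\z anchor the whole string: Ruby-style ^ and $ match at line
  # boundaries, so a value with an embedded newline would otherwise satisfy
  # the pattern and still be interpolated into the paths below.
  Pattern[/\A(ip|ip6|inet)-[a-zA-Z0-9_]+\z/] $table = 'inet-filter',
  # The trailing class is spelled out as a-zA-Z; the range A-z also spans
  # the punctuation between 'Z' and 'a' ([ \ ] ^ `), which was not intended.
  Pattern[/\A[a-zA-Z0-9_][a-zA-Z0-9_-]*\z/] $helper = $title,
) {
  $concat_name = "nftables-${table}-helper-${helper}"

  # Staged rollout: the concat file lands in the preflight tree, the validate
  # exec must succeed before the file resource promotes it to the live tree,
  # and the live file change is what restarts the service.
  concat {
    $concat_name:
      path           => "/etc/nftables/puppet-preflight/${table}-helper-${helper}.nft",
      owner          => root,
      group          => root,
      mode           => $nftables::default_config_mode,
      ensure_newline => true,
      require        => Package['nftables'],
  } ~> Exec['nft validate'] -> file {
    "/etc/nftables/puppet/${table}-helper-${helper}.nft":
      ensure => file,
      source => "/etc/nftables/puppet-preflight/${table}-helper-${helper}.nft",
      owner  => root,
      group  => root,
      mode   => $nftables::default_config_mode,
  } ~> Service['nftables']

  # Fragment order 00/98/99 keeps the header, the caller-supplied body and
  # the closing brace in sequence regardless of concat's default sorting.
  concat::fragment {
    default:
      target => $concat_name;
    "${concat_name}-header":
      order   => '00',
      content => "# Start of fragment order:00 ${helper} header\nct helper ${helper} {";
    "${concat_name}-body":
      order   => '98',
      content => $content;
    "${concat_name}-footer":
      order   => '99',
      content => "# Start of fragment order:99 ${helper} footer\n}";
  }
}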