port_forward: Combine IPv4 and IPv6 rule specifications

66ff0224 · James T. Lee · 3d6ba47e · 66ff0224
Commit 66ff0224 authored Nov 28, 2020 by James T. Lee
Hide whitespace changes
Inline Side-by-side

Showing with 43 additions and 63 deletions

manifests/lib/port_forward.pp manifests/lib/port_forward.pp +43 -63

No files found.
--- a/manifests/lib/port_forward.pp
+++ b/manifests/lib/port_forward.pp
@@ -6,75 +6,55 @@ define nest::lib::port_forward (
  Optional[Stdlib::IP::Address::V6] $source_ip6,
  Optional[Stdlib::IP::Address::V6] $destination_ip6,
 ) {
-  if $source_ip4 and $destination_ip4 {
+  $combined_spec = {
-    firewall {
+    'v4' => {
-      default:
+      'source'      => $source_ip4,
-        provider => iptables,
+      'destination' => $destination_ip4,
-      ;
+      'provider'    => iptables,
+    },
-      "100 ${name} dnat (v4)":
+    'v6' => {
-        table       => nat,
+      'source'      => $source_ip6,
-        chain       => 'PREROUTING',
+      'destination' => $destination_ip6,
-        destination => $source_ip4,
+      'provider'    => ip6tables,
-        proto       => $proto,
+    },
-        dport       => $port,
-        jump        => 'DNAT',
-        todest      => $destination_ip4,
-      ;
-      "100 ${name} (v4)":
-        chain       => 'FORWARD',
-        destination => $destination_ip4,
-        proto       => $proto,
-        dport       => $port,
-        action      => accept,
-      ;
-      "100 ${name} snat (v4)":
-        table       => nat,
-        chain       => 'POSTROUTING',
-        destination => $destination_ip4,
-        proto       => $proto,
-        sport       => $port,
-        jump        => 'SNAT',
-        tosource    => $source_ip4,
-      ;
-    }
  }
-  if $source_ip6 and $destination_ip6 {
+  $combined_spec.each |$comment, $spec| {
-    firewall {
+    if $spec['source'] and $spec['destination'] {
-      default:
+      firewall {
-        provider => ip6tables,
+        default:
-      ;
+          provider => $spec['provider'],
+        ;
-      "100 ${name} dnat (v6)":
+        "100 ${name} dnat (${comment})":
-        table       => nat,
+          table       => nat,
-        chain       => 'PREROUTING',
+          chain       => 'PREROUTING',
-        destination => $source_ip6,
+          destination => $spec['source'],
-        proto       => $proto,
+          proto       => $proto,
-        dport       => $port,
+          dport       => $port,
-        jump        => 'DNAT',
+          jump        => 'DNAT',
-        todest      => $destination_ip6,
+          todest      => $spec['destination'],
-      ;
+        ;
-      "100 ${name} (v6)":
+        "100 ${name} (${comment})":
-        chain       => 'FORWARD',
+          chain       => 'FORWARD',
-        destination => $destination_ip6,
+          destination => $spec['destination'],
-        proto       => $proto,
+          proto       => $proto,
-        dport       => $port,
+          dport       => $port,
-        action      => accept,
+          action      => accept,
-      ;
+        ;
-      "100 ${name} snat (v6)":
+        "100 ${name} snat (${comment})":
-        table       => nat,
+          table       => nat,
-        chain       => 'POSTROUTING',
+          chain       => 'POSTROUTING',
-        destination => $destination_ip6,
+          destination => $spec['destination'],
-        proto       => $proto,
+          proto       => $proto,
-        sport       => $port,
+          sport       => $port,
-        jump        => 'SNAT',
+          jump        => 'SNAT',
-        tosource    => $source_ip6,
+          tosource    => $spec['source'],
-      ;
+        ;
+      }
    }
  }
 }