end
if new_resource.source == "osm"
- rule << "#{ip} saddr { $#{ip}-osm-addresses }"
+ rule << "#{ip} saddr @#{ip}-osm-addresses"
elsif new_resource.source =~ /^net:(.*)$/
addresses = Regexp.last_match(1).split(",").join(", ")
end
if new_resource.dest == "osm"
- rule << "#{ip} daddr $#{ip}-osm-addresses"
+ rule << "#{ip} daddr @#{ip}-osm-addresses"
elsif new_resource.dest =~ /^net:(.*)$/
addresses = Regexp.last_match(1).split(",").join(", ")
define ip-private-addresses = { 10.0.0.0/8, 127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.0.2.0/24, 192.168.0.0/16 }
define ip6-private-addresses = { 2001:db8::/32, fc00::/7 }
-define ip-osm-addresses = { <%= Array(@hosts["inet"]).sort.join(", ") %> }
-define ip6-osm-addresses = { <%= Array(@hosts["inet6"]).sort.join(", ") %> }
-
flush ruleset
table inet filter {
+ set ip-osm-addresses {
+ type ipv4_addr
+ elements = { <%= Array(@hosts["inet"]).sort.join(", ") %> }
+ }
+
+ set ip6-osm-addresses {
+ type ipv6_addr
+ elements = { <%= Array(@hosts["inet6"]).sort.join(", ") %> }
+ }
+
set ip-blacklist {
type ipv4_addr
flags dynamic
projects / chef.git / commitdiff