firewall with multiple source/destination

asked 2015-06-08 08:28:01 -0600

du477 gravatar image

Hi,

we are trying create firewall rule with multiple subnets, for example:

firewall { '100 allow ssh': dport = 22, source => [ '10.123.8.0/24', '10.123.46.0/24' ] },

but this pass only firs subnet into iptables rule.

We replaced it using multiple rules:

define sshrule { $subnet = $title; firewall { "100 allow ssh for $subnet": dport = 22, source => $subnet } } ;

sshrule{ $subnets: }

So our question is if aproach with same numeric prefix of the rule is valid? We are getting list of subnets from hiera, e.g.: $subnets = hiera('ssh_subnets'), and we cannot simply write rules one by one for each subnet due multiple environments.

edit retag flag offensive close merge delete