open just allowed ports

SUNET · Aug 29, 2024 · 7135fb8 · 7135fb8
1 parent e20ff33
commit 7135fb8
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/manifests/nftables/docker_expose.pp b/manifests/nftables/docker_expose.pp
@@ -52,9 +52,18 @@
           notify => Service['nftables'],
           ;
       }
-      sunet::nftables::allow { "expose-allow-${safe_name}":
-        from => 'any',
-        port => $port,
+      if ($allow_clients =~ Array[String, 1]) or ($allow_clients =~ String[1]) {
+        sunet::nftables::allow { "expose-allow-${safe_name}":
+          from => $allow_clients,
+          port => $port,
+          proto => $proto,
+        }
+      } else {
+          sunet::nftables::allow { "expose-allow-${safe_name}":
+            from => any,
+            port => $port,
+            proto => $proto,
+          }
       }
   }
 }