From 4bc3a128ace20cd105110f3acfcde7c0419e0ecf Mon Sep 17 00:00:00 2001
From: Micke Nordin <kano@sunet.se>
Date: Tue, 24 Dec 2024 09:51:57 +0100
Subject: [PATCH] Open ports

---
 manifests/multinode.pp | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/manifests/multinode.pp b/manifests/multinode.pp
index 0ba70ad..40d55dd 100644
--- a/manifests/multinode.pp
+++ b/manifests/multinode.pp
@@ -407,10 +407,18 @@ MACAddressPolicy=none'
       content => template('sunetdrive/multinode/complete_reinstall.erb.sh'),
       mode    => '0744',
     }
-    # Open ports
-    sunet::misc::ufw_allow { "https_port_${customer}":
-      from => '0.0.0.0',
-      port => $https_port,
+    if $::facts['sunet_nftables_enabled'] == 'yes' {
+      sunet::nftables::docker_expose { "https_port_${customer}":
+        allow_clients => '0.0.0.0',
+        port          => $https_port,
+        iif           => 'ens3',
+      }
+    } else {
+      # Open ports
+      sunet::misc::ufw_allow { "https_port_${customer}":
+        from => '0.0.0.0',
+        port => $https_port,
+      }
     }
   }
 }