Merge pull request #198 from bastelfreak/mlds

Add rule for multicast listener requests (MLDv2)

REFERENCE.md

@@ -51,6 +51,7 @@ and Manager Daemons (MGR).
 * [`nftables::rules::out::imap`](#nftables--rules--out--imap): allow outgoing imap
 * [`nftables::rules::out::kerberos`](#nftables--rules--out--kerberos): allows outbound access for kerberos
 * [`nftables::rules::out::ldap`](#nftables--rules--out--ldap): manage outgoing ldap
+* [`nftables::rules::out::mldv2`](#nftables--rules--out--mldv2): allow multicast listener requests
 * [`nftables::rules::out::mysql`](#nftables--rules--out--mysql): manage out mysql
 * [`nftables::rules::out::nfs`](#nftables--rules--out--nfs): manage out nfs
 * [`nftables::rules::out::nfs3`](#nftables--rules--out--nfs3): manage out nfs3
@@ -906,6 +907,10 @@ ldapserver ports
 
 Default value: `[389, 636]`
 
+### <a name="nftables--rules--out--mldv2"></a>`nftables::rules::out::mldv2`
+
+allow multicast listener requests
+
 ### <a name="nftables--rules--out--mysql"></a>`nftables::rules::out::mysql`
 
 manage out mysql

manifests/rules/out/mldv2.pp

@@ -0,0 +1,6 @@
+# @summary allow multicast listener requests
+class nftables::rules::out::mldv2 {
+  nftables::rule { 'default_out-mld':
+    content => 'ip6 daddr { ff02::16 } accept',
+  }
+}

spec/acceptance/all_rules_spec.rb

@@ -89,6 +89,7 @@ class { 'nftables':
       include nftables::rules::mdns
       include nftables::rules::igmp
       include nftables::rules::out::igmp
+      include nftables::rules::out::mldv2
       include nftables::services::dhcpv6_client
       include nftables::services::openafs_client
       nftables::set{'my_test_set':