- ip = case family
- when "inet" then "ip"
- when "inet6" then "ip6"
- end
-
- proto = new_resource.proto
-
- if new_resource.source_ports
- rule << "#{proto} sport { #{nftables_source_ports} }"
- end
-
- if new_resource.dest_ports
- rule << "#{proto} dport { #{nftables_dest_ports} }"
- end
-
- if new_resource.source == "osm"
- rule << "#{ip} saddr @#{ip}-osm-addresses"
- elsif new_resource.source =~ /^net:(.*)$/
- addresses = Regexp.last_match(1).split(",").join(", ")
-
- rule << "#{ip} saddr { #{addresses} }"
- end