Révision 03d9e7da

« Précédent | Suivant »

Ajouté par Steve Traylen il y a plus de 4 ans

New parameter noflush_tables to selectivly skip flush

Introduces a new structured fact nftables

```yaml
nftables:
tables:
- inet-filter
- ip-nat
- ip6-nat
- inet-f2b-table
```

By default the nft script will continue to contain `nft flush ruleset`

If noflush_tables is specified e.g.

```puppet
class{nftables:
noflush_tables => ['inet-f2b-table'],
}
```
the results script will explicity flush the other tables only.
i.e.

```
flush table inet filter
flush table ip nat
flush table ip6 nat
```

Motivation here is to allow a maintence of chain to managed by something else.
This example for fail2ban but could be docker, ...

puppet nftables