/REFERENCE.md - Diff - puppet nftables - Koumbit's Redmine

Révision 09cba182

ID	09cba1822af345c6fe7d4db1a49921f12a53cb31
Parent	6587545a
Enfant	e2031b31

Ajouté par Steve Traylen il y a plus de 4 ans

Enable parameter_documentation lint

The linter checks that every parameter has been documented.

While corrections have been made to great many classes some more
complicated examples have been left for now. Should be updated
as the files get touched.

https://github.com/domcleal/puppet-lint-param-docs

     * [`nftables::ip_nat`](#nftablesip_nat): manage basic chains in table ip nat
     * [`nftables::rules::afs3_callback`](#nftablesrulesafs3_callback): Open call back port for AFS clients
     * [`nftables::rules::ceph`](#nftablesrulesceph): Ceph is a distributed object store and file system. Enable this to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS)
     * [`nftables::rules::ceph_mon`](#nftablesrulesceph_mon): Ceph is a distributed object store and file system. Enable this option to support Ceph's Monitor Daemon.
     * [`nftables::rules::dhcpv6_client`](#nftablesrulesdhcpv6_client)
     * [`nftables::rules::ceph_mon`](#nftablesrulesceph_mon): Ceph is a distributed object store and file system.
     Enable this option to support Ceph's Monitor Daemon.
     * [`nftables::rules::dhcpv6_client`](#nftablesrulesdhcpv6_client): allow DHCPv6 requests in to a host
     * [`nftables::rules::dns`](#nftablesrulesdns): manage in dns
     * [`nftables::rules::http`](#nftablesruleshttp): manage in http
     * [`nftables::rules::https`](#nftablesruleshttps): manage in https
-...
     * [`nftables::rules::ospf`](#nftablesrulesospf): manage in ospf
     * [`nftables::rules::ospf3`](#nftablesrulesospf3): manage in ospf3
     * [`nftables::rules::out::all`](#nftablesrulesoutall): allow all outbound
     * [`nftables::rules::out::ceph_client`](#nftablesrulesoutceph_client): Ceph is a distributed object store and file system. Enable this to be a client of Ceph's Monitor (MON), Object Storage Daemons (OSD), Metadat
     * [`nftables::rules::out::ceph_client`](#nftablesrulesoutceph_client): Ceph is a distributed object store and file system.
     Enable this to be a client of Ceph's Monitor (MON),
     Object Storage Daemons (OSD), Metadata Server Daemons (MDS),
     and Manager Daemons (MGR).
     * [`nftables::rules::out::chrony`](#nftablesrulesoutchrony): manage out chrony
     * [`nftables::rules::out::dhcp`](#nftablesrulesoutdhcp): manage out dhcp
     * [`nftables::rules::out::dhcpv6_client`](#nftablesrulesoutdhcpv6_client)
     * [`nftables::rules::out::dhcpv6_client`](#nftablesrulesoutdhcpv6_client): Allow DHCPv6 requests out of a host
     * [`nftables::rules::out::dns`](#nftablesrulesoutdns): manage out dns
     * [`nftables::rules::out::http`](#nftablesrulesouthttp): manage out http
     * [`nftables::rules::out::https`](#nftablesrulesouthttps): manage out https
     * [`nftables::rules::out::icmp`](#nftablesrulesouticmp)
     * [`nftables::rules::out::icmp`](#nftablesrulesouticmp): control outbound icmp packages
     * [`nftables::rules::out::kerberos`](#nftablesrulesoutkerberos): allows outbound access for kerberos
     * [`nftables::rules::out::mysql`](#nftablesrulesoutmysql): manage out mysql
     * [`nftables::rules::out::nfs`](#nftablesrulesoutnfs): manage out nfs
     * [`nftables::rules::out::nfs3`](#nftablesrulesoutnfs3): manage out nfs3
     * [`nftables::rules::out::openafs_client`](#nftablesrulesoutopenafs_client): allows outbound access for afs clients
 - afs3-fileserver
 - afs3-ptserver
 - vlserver
     * [`nftables::rules::out::ospf`](#nftablesrulesoutospf): manage out ospf
     * [`nftables::rules::out::ospf3`](#nftablesrulesoutospf3): manage out ospf3
     * [`nftables::rules::out::postgres`](#nftablesrulesoutpostgres): manage out postgres
-...
     * [`nftables::rules::ssh`](#nftablesrulesssh): manage in ssh
     * [`nftables::rules::tor`](#nftablesrulestor): manage in tor
     * [`nftables::rules::wireguard`](#nftablesruleswireguard): manage in wireguard
     * [`nftables::services::dhcpv6_client`](#nftablesservicesdhcpv6_client)
     * [`nftables::services::openafs_client`](#nftablesservicesopenafs_client)
     * [`nftables::services::dhcpv6_client`](#nftablesservicesdhcpv6_client): Allow in and outbound traffic for DHCPv6 server
     * [`nftables::services::openafs_client`](#nftablesservicesopenafs_client): Open inbound and outbound ports for an AFS client
     ### Defined types
-...
     ## Classes
     ### `nftables`
     ### <a name="nftables"></a>`nftables`
     Configure nftables
-...
     #### Parameters
     The following parameters are available in the `nftables` class.
     ##### `out_all`
     The following parameters are available in the `nftables` class:
     * [`out_all`](#out_all)
     * [`out_ntp`](#out_ntp)
     * [`out_http`](#out_http)
     * [`out_dns`](#out_dns)
     * [`out_https`](#out_https)
     * [`out_icmp`](#out_icmp)
     * [`in_ssh`](#in_ssh)
     * [`in_icmp`](#in_icmp)
     * [`nat`](#nat)
     * [`sets`](#sets)
     * [`log_prefix`](#log_prefix)
     * [`log_limit`](#log_limit)
     * [`reject_with`](#reject_with)
     * [`in_out_conntrack`](#in_out_conntrack)
     * [`fwd_conntrack`](#fwd_conntrack)
     * [`firewalld_enable`](#firewalld_enable)
     * [`noflush_tables`](#noflush_tables)
     * [`rules`](#rules)
     ##### <a name="out_all"></a>`out_all`
     Data type: `Boolean`
-...
     Default value: ``false``
     ##### `out_ntp`
     ##### <a name="out_ntp"></a>`out_ntp`
     Data type: `Boolean`
-...
     Default value: ``true``
     ##### `out_http`
     ##### <a name="out_http"></a>`out_http`
     Data type: `Boolean`
-...
     Default value: ``true``
     ##### `out_https`
     ##### <a name="out_dns"></a>`out_dns`
     Data type: `Boolean`
     Allow outbound to https servers.
     Allow outbound to dns servers.
     Default value: ``true``
     ##### `out_https`
     ##### <a name="out_https"></a>`out_https`
     Data type: `Boolean`
     Allow outbound to https servers.
     Default value: ``true``
     ##### `out_icmp`
     ##### <a name="out_icmp"></a>`out_icmp`
     Data type: `Boolean`
-...
     Default value: ``true``
     ##### `in_ssh`
     ##### <a name="in_ssh"></a>`in_ssh`
     Data type: `Boolean`
-...
     Default value: ``true``
     ##### `in_icmp`
     ##### <a name="in_icmp"></a>`in_icmp`
     Data type: `Boolean`
-...
     Default value: ``true``
     ##### `nat`
     ##### <a name="nat"></a>`nat`
     Data type: `Boolean`
-...
     Default value: ``true``
     ##### `sets`
     ##### <a name="sets"></a>`sets`
     Data type: `Hash`
-...
     Default value: `{}`
     ##### `log_prefix`
     ##### <a name="log_prefix"></a>`log_prefix`
     Data type: `String`
-...
     Default value: `'[nftables] %<chain>s %<comment>s'`
     ##### `log_limit`
     ##### <a name="log_limit"></a>`log_limit`
     Data type: `Variant[Boolean[false], String]`
-...
     Default value: `'3/minute burst 5 packets'`
     ##### `reject_with`
     ##### <a name="reject_with"></a>`reject_with`
     Data type: `Variant[Boolean[false], Pattern[/icmp(v6|x)? type .+|tcp reset/]]`
-...
     Default value: `'icmpx type port-unreachable'`
     ##### `in_out_conntrack`
     ##### <a name="in_out_conntrack"></a>`in_out_conntrack`
     Data type: `Boolean`
-...
     Default value: ``true``
     ##### `fwd_conntrack`
     ##### <a name="fwd_conntrack"></a>`fwd_conntrack`
     Data type: `Boolean`
-...
     Default value: ``false``
     ##### `firewalld_enable`
     ##### <a name="firewalld_enable"></a>`firewalld_enable`
     Data type: `Variant[Boolean[false], Enum['mask']]`
-...
     Default value: `'mask'`
     ##### `noflush_tables`
     ##### <a name="noflush_tables"></a>`noflush_tables`
     Data type: `Optional[Array[Pattern[/^(ip|ip6|inet)-[-a-zA-Z0-9_]+$/],1]]`
-...
     Default value: ``undef``
     ##### `out_dns`
     Data type: `Boolean`
     Default value: ``true``
     ##### `rules`
     ##### <a name="rules"></a>`rules`
     Data type: `Hash`
     Specify hashes of `nftables::rule`s via hiera
     Default value: `{}`
     ### `nftables::bridges`
     ### <a name="nftablesbridges"></a>`nftables::bridges`
     allow forwarding traffic on bridges
     #### Parameters
     The following parameters are available in the `nftables::bridges` class.
     The following parameters are available in the `nftables::bridges` class:
     ##### `ensure`
     * [`ensure`](#ensure)
     * [`bridgenames`](#bridgenames)
     ##### <a name="ensure"></a>`ensure`
     Data type: `Enum['present','absent']`
-...
     Default value: `'present'`
     ##### `bridgenames`
     ##### <a name="bridgenames"></a>`bridgenames`
     Data type: `Regexp`
-...
     Default value: `/^br.+/`
     ### `nftables::inet_filter`
     ### <a name="nftablesinet_filter"></a>`nftables::inet_filter`
     manage basic chains in table inet filter
     ### `nftables::ip_nat`
     ### <a name="nftablesip_nat"></a>`nftables::ip_nat`
     manage basic chains in table ip nat
     ### `nftables::rules::afs3_callback`
     ### <a name="nftablesrulesafs3_callback"></a>`nftables::rules::afs3_callback`
     Open call back port for AFS clients
     #### Examples
     ##### allow call backs from particular hosts
     ```puppet
     class{'nftables::rules::afs3_callback':
       saddr => ['192.168.0.0/16', '10.0.0.222']
+    }
     ```
     #### Parameters
     The following parameters are available in the `nftables::rules::afs3_callback` class.
     The following parameters are available in the `nftables::rules::afs3_callback` class:
     * [`saddr`](#saddr)
     ##### `saddr`
     ##### <a name="saddr"></a>`saddr`
     Data type: `Array[Stdlib::IP::Address::V4,1]`
-...
     Default value: `['0.0.0.0/0']`
     ### `nftables::rules::ceph`
     ### <a name="nftablesrulesceph"></a>`nftables::rules::ceph`
     Ceph is a distributed object store and file system.
     Enable this to support Ceph's Object Storage Daemons (OSD),
     Metadata Server Daemons (MDS), or Manager Daemons (MGR).
     ### `nftables::rules::ceph_mon`
     ### <a name="nftablesrulesceph_mon"></a>`nftables::rules::ceph_mon`
     Ceph is a distributed object store and file system.
     Enable this option to support Ceph's Monitor Daemon.
     #### Parameters
     The following parameters are available in the `nftables::rules::ceph_mon` class.
     The following parameters are available in the `nftables::rules::ceph_mon` class:
     ##### `ports`
     * [`ports`](#ports)
     Data type: `Array[Stdlib::Port,1]`
     ##### <a name="ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
     specify ports for ceph service
     Default value: `[3300, 6789]`
     ### `nftables::rules::dhcpv6_client`
     ### <a name="nftablesrulesdhcpv6_client"></a>`nftables::rules::dhcpv6_client`
     The nftables::rules::dhcpv6_client class.
     allow DHCPv6 requests in to a host
     ### `nftables::rules::dns`
     ### <a name="nftablesrulesdns"></a>`nftables::rules::dns`
     manage in dns
     #### Parameters
     The following parameters are available in the `nftables::rules::dns` class.
     The following parameters are available in the `nftables::rules::dns` class:
     ##### `ports`
     * [`ports`](#ports)
     Data type: `Array[Stdlib::Port,1]`
     ##### <a name="ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
     Specify ports for dns.
     Default value: `[53]`
     ### `nftables::rules::http`
     ### <a name="nftablesruleshttp"></a>`nftables::rules::http`
     manage in http
     ### `nftables::rules::https`
     ### <a name="nftablesruleshttps"></a>`nftables::rules::https`
     manage in https
     ### `nftables::rules::icinga2`
     ### <a name="nftablesrulesicinga2"></a>`nftables::rules::icinga2`
     manage in icinga2
     #### Parameters
     The following parameters are available in the `nftables::rules::icinga2` class.
     The following parameters are available in the `nftables::rules::icinga2` class:
     ##### `ports`
     * [`ports`](#ports)
     Data type: `Array[Stdlib::Port,1]`
     ##### <a name="ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
     Specify ports for icinga1
     Default value: `[5665]`
     ### `nftables::rules::icmp`
     ### <a name="nftablesrulesicmp"></a>`nftables::rules::icmp`
     The nftables::rules::icmp class.
     #### Parameters
     The following parameters are available in the `nftables::rules::icmp` class.
     The following parameters are available in the `nftables::rules::icmp` class:
     * [`v4_types`](#v4_types)
     * [`v6_types`](#v6_types)
     * [`order`](#order)
     ##### `v4_types`
     ##### <a name="v4_types"></a>`v4_types`
     Data type: `Optional[Array[String]]`
-...
     Default value: ``undef``
     ##### `v6_types`
     ##### <a name="v6_types"></a>`v6_types`
     Data type: `Optional[Array[String]]`
-...
     Default value: ``undef``
     ##### `order`
     ##### <a name="order"></a>`order`
     Data type: `String`
-...
     Default value: `'10'`
     ### `nftables::rules::nfs`
     ### <a name="nftablesrulesnfs"></a>`nftables::rules::nfs`
     manage in nfs4
     ### `nftables::rules::nfs3`
     ### <a name="nftablesrulesnfs3"></a>`nftables::rules::nfs3`
     manage in nfs3
     ### `nftables::rules::node_exporter`
     ### <a name="nftablesrulesnode_exporter"></a>`nftables::rules::node_exporter`
     manage in node exporter
     #### Parameters
     The following parameters are available in the `nftables::rules::node_exporter` class.
     The following parameters are available in the `nftables::rules::node_exporter` class:
     ##### `prometheus_server`
     * [`prometheus_server`](#prometheus_server)
     * [`port`](#port)
     Data type: `Optional[Variant[String,Array[String,1]]]`
     ##### <a name="prometheus_server"></a>`prometheus_server`
     Data type: `Optional[Variant[String,Array[String,1]]]`
     Specify server name
     Default value: ``undef``
     ##### `port`
     ##### <a name="port"></a>`port`
     Data type: `Stdlib::Port`
     Specify port to open
     Default value: `9100`
     ### `nftables::rules::ospf`
     ### <a name="nftablesrulesospf"></a>`nftables::rules::ospf`
     manage in ospf
     ### `nftables::rules::ospf3`
     ### <a name="nftablesrulesospf3"></a>`nftables::rules::ospf3`
     manage in ospf3
     ### `nftables::rules::out::all`
     ### <a name="nftablesrulesoutall"></a>`nftables::rules::out::all`
     allow all outbound
     ### `nftables::rules::out::ceph_client`
     ### <a name="nftablesrulesoutceph_client"></a>`nftables::rules::out::ceph_client`
     Ceph is a distributed object store and file system.
     Enable this to be a client of Ceph's Monitor (MON),
-...
     #### Parameters
     The following parameters are available in the `nftables::rules::out::ceph_client` class.
     The following parameters are available in the `nftables::rules::out::ceph_client` class:
     ##### `ports`
     * [`ports`](#ports)
     Data type: `Array[Stdlib::Port,1]`
     ##### <a name="ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
     Specify ports to open
     Default value: `[3300, 6789]`
     ### `nftables::rules::out::chrony`
     ### <a name="nftablesrulesoutchrony"></a>`nftables::rules::out::chrony`
     manage out chrony
     ### `nftables::rules::out::dhcp`
     ### <a name="nftablesrulesoutdhcp"></a>`nftables::rules::out::dhcp`
     manage out dhcp
     ### `nftables::rules::out::dhcpv6_client`
     ### <a name="nftablesrulesoutdhcpv6_client"></a>`nftables::rules::out::dhcpv6_client`
     The nftables::rules::out::dhcpv6_client class.
     Allow DHCPv6 requests out of a host
     ### `nftables::rules::out::dns`
     ### <a name="nftablesrulesoutdns"></a>`nftables::rules::out::dns`
     manage out dns
     #### Parameters
     The following parameters are available in the `nftables::rules::out::dns` class.
     The following parameters are available in the `nftables::rules::out::dns` class:
     ##### `dns_server`
     * [`dns_server`](#dns_server)
     Data type: `Optional[Variant[String,Array[String,1]]]`
     ##### <a name="dns_server"></a>`dns_server`
     Data type: `Optional[Variant[String,Array[String,1]]]`
     specify dns_server name
     Default value: ``undef``
     ### `nftables::rules::out::http`
     ### <a name="nftablesrulesouthttp"></a>`nftables::rules::out::http`
     manage out http
     ### `nftables::rules::out::https`
     ### <a name="nftablesrulesouthttps"></a>`nftables::rules::out::https`
     manage out https
     ### `nftables::rules::out::icmp`
     ### <a name="nftablesrulesouticmp"></a>`nftables::rules::out::icmp`
     The nftables::rules::out::icmp class.
     control outbound icmp packages
     #### Parameters
     The following parameters are available in the `nftables::rules::out::icmp` class.
     The following parameters are available in the `nftables::rules::out::icmp` class:
     * [`v4_types`](#v4_types)
     * [`v6_types`](#v6_types)
     * [`order`](#order)
     ##### `v4_types`
     ##### <a name="v4_types"></a>`v4_types`
     Data type: `Optional[Array[String]]`
-...
     Default value: ``undef``
     ##### `v6_types`
     ##### <a name="v6_types"></a>`v6_types`
     Data type: `Optional[Array[String]]`
-...
     Default value: ``undef``
     ##### `order`
     ##### <a name="order"></a>`order`
     Data type: `String`
-...
     Default value: `'10'`
     ### `nftables::rules::out::kerberos`
     ### <a name="nftablesrulesoutkerberos"></a>`nftables::rules::out::kerberos`
     allows outbound access for kerberos
     ### `nftables::rules::out::mysql`
     ### <a name="nftablesrulesoutmysql"></a>`nftables::rules::out::mysql`
     manage out mysql
     ### `nftables::rules::out::nfs`
     ### <a name="nftablesrulesoutnfs"></a>`nftables::rules::out::nfs`
     manage out nfs
     ### `nftables::rules::out::nfs3`
     ### <a name="nftablesrulesoutnfs3"></a>`nftables::rules::out::nfs3`
     manage out nfs3
     ### `nftables::rules::out::openafs_client`
     ### <a name="nftablesrulesoutopenafs_client"></a>`nftables::rules::out::openafs_client`
     allows outbound access for afs clients
 - afs3-fileserver
 - afs3-ptserver
 - vlserver
-...
     #### Parameters
     The following parameters are available in the `nftables::rules::out::openafs_client` class.
     The following parameters are available in the `nftables::rules::out::openafs_client` class:
     ##### `ports`
     * [`ports`](#ports)
     Data type: `Array[Stdlib::Port,1]`
     ##### <a name="ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
     port numbers to use
     Default value: `[7000, 7002, 7003]`
     ### `nftables::rules::out::ospf`
     ### <a name="nftablesrulesoutospf"></a>`nftables::rules::out::ospf`
     manage out ospf
     ### `nftables::rules::out::ospf3`
     ### <a name="nftablesrulesoutospf3"></a>`nftables::rules::out::ospf3`
     manage out ospf3
     ### `nftables::rules::out::postgres`
     ### <a name="nftablesrulesoutpostgres"></a>`nftables::rules::out::postgres`
     manage out postgres
     ### `nftables::rules::out::puppet`
     ### <a name="nftablesrulesoutpuppet"></a>`nftables::rules::out::puppet`
     manage outgoing puppet
     #### Parameters
     The following parameters are available in the `nftables::rules::out::puppet` class.
     The following parameters are available in the `nftables::rules::out::puppet` class:
     ##### `puppetserver`
     * [`puppetserver`](#puppetserver)
     * [`puppetserver_port`](#puppetserver_port)
     Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`
     ##### <a name="puppetserver"></a>`puppetserver`
     Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`
     puppetserver hostname
     ##### `puppetserver_port`
     ##### <a name="puppetserver_port"></a>`puppetserver_port`
     Data type: `Stdlib::Port`
     puppetserver port
     Default value: `8140`
     ### `nftables::rules::out::smtp`
     ### <a name="nftablesrulesoutsmtp"></a>`nftables::rules::out::smtp`
     manage out smtp
     ### `nftables::rules::out::ssh`
     ### <a name="nftablesrulesoutssh"></a>`nftables::rules::out::ssh`
     manage out ssh
     ### `nftables::rules::out::ssh::remove`
     ### <a name="nftablesrulesoutsshremove"></a>`nftables::rules::out::ssh::remove`
     disable outgoing ssh
     ### `nftables::rules::out::tor`
     ### <a name="nftablesrulesouttor"></a>`nftables::rules::out::tor`
     manage out tor
     ### `nftables::rules::out::wireguard`
     ### <a name="nftablesrulesoutwireguard"></a>`nftables::rules::out::wireguard`
     manage out wireguard
     #### Parameters
     The following parameters are available in the `nftables::rules::out::wireguard` class.
     The following parameters are available in the `nftables::rules::out::wireguard` class:
     ##### `ports`
     * [`ports`](#ports)
     Data type: `Array[Integer,1]`
     ##### <a name="ports"></a>`ports`
     Data type: `Array[Integer,1]`
     specify wireguard ports
     Default value: `[51820]`
     ### `nftables::rules::puppet`
     ### <a name="nftablesrulespuppet"></a>`nftables::rules::puppet`
     manage in puppet
     #### Parameters
     The following parameters are available in the `nftables::rules::puppet` class.
     The following parameters are available in the `nftables::rules::puppet` class:
     ##### `ports`
     * [`ports`](#ports)
     Data type: `Array[Integer,1]`
     ##### <a name="ports"></a>`ports`
     Data type: `Array[Integer,1]`
     puppet server ports
     Default value: `[8140]`
     ### `nftables::rules::smtp`
     ### <a name="nftablesrulessmtp"></a>`nftables::rules::smtp`
     manage in smtp
     ### `nftables::rules::smtp_submission`
     ### <a name="nftablesrulessmtp_submission"></a>`nftables::rules::smtp_submission`
     manage in smtp submission
     ### `nftables::rules::smtps`
     ### <a name="nftablesrulessmtps"></a>`nftables::rules::smtps`
     manage in smtps
     ### `nftables::rules::ssh`
     ### <a name="nftablesrulesssh"></a>`nftables::rules::ssh`
     manage in ssh
     #### Parameters
     The following parameters are available in the `nftables::rules::ssh` class.
     The following parameters are available in the `nftables::rules::ssh` class:
     ##### `ports`
     * [`ports`](#ports)
     Data type: `Array[Stdlib::Port,1]`
     ##### <a name="ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
     ssh ports
     Default value: `[22]`
     ### `nftables::rules::tor`
     ### <a name="nftablesrulestor"></a>`nftables::rules::tor`
     manage in tor
     #### Parameters
     The following parameters are available in the `nftables::rules::tor` class.
     The following parameters are available in the `nftables::rules::tor` class:
     ##### `ports`
     * [`ports`](#ports)
     Data type: `Array[Stdlib::Port,1]`
     ##### <a name="ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
     ports for tor
     Default value: `[9001]`
     ### `nftables::rules::wireguard`
     ### <a name="nftablesruleswireguard"></a>`nftables::rules::wireguard`
     manage in wireguard
     #### Parameters
     The following parameters are available in the `nftables::rules::wireguard` class.
     The following parameters are available in the `nftables::rules::wireguard` class:
     ##### `ports`
     * [`ports`](#ports)
     Data type: `Array[Stdlib::Port,1]`
     ##### <a name="ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
     wiregueard port
     Default value: `[51820]`
     ### `nftables::services::dhcpv6_client`
     ### <a name="nftablesservicesdhcpv6_client"></a>`nftables::services::dhcpv6_client`
     The nftables::services::dhcpv6_client class.
     Allow in and outbound traffic for DHCPv6 server
     ### `nftables::services::openafs_client`
     ### <a name="nftablesservicesopenafs_client"></a>`nftables::services::openafs_client`
     The nftables::services::openafs_client class.
     Open inbound and outbound ports for an AFS client
     ## Defined types
     ### `nftables::chain`
     ### <a name="nftableschain"></a>`nftables::chain`
     manage a chain
     #### Parameters
     The following parameters are available in the `nftables::chain` defined type.
     The following parameters are available in the `nftables::chain` defined type:
     * [`table`](#table)
     * [`chain`](#chain)
     * [`inject`](#inject)
     * [`inject_iif`](#inject_iif)
     * [`inject_oif`](#inject_oif)
     ##### `table`
     ##### <a name="table"></a>`table`
     Data type: `Pattern[/^(ip|ip6|inet)-[a-zA-Z0-9_]+$/]`
-...
     Default value: `'inet-filter'`
     ##### `chain`
     ##### <a name="chain"></a>`chain`
     Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`
-...
     Default value: `$title`
     ##### `inject`
     ##### <a name="inject"></a>`inject`
     Data type: `Optional[Pattern[/^\d\d-[a-zA-Z0-9_]+$/]]`
-...
     Default value: ``undef``
     ##### `inject_iif`
     ##### <a name="inject_iif"></a>`inject_iif`
     Data type: `Optional[String]`
-...
     Default value: ``undef``
     ##### `inject_oif`
     ##### <a name="inject_oif"></a>`inject_oif`
     Data type: `Optional[String]`
-...
     Default value: ``undef``
     ### `nftables::config`
     ### <a name="nftablesconfig"></a>`nftables::config`
     manage a config snippet
     #### Parameters
     The following parameters are available in the `nftables::config` defined type.
     The following parameters are available in the `nftables::config` defined type:
     ##### `tablespec`
     * [`tablespec`](#tablespec)
     * [`content`](#content)
     * [`source`](#source)
     * [`prefix`](#prefix)
     ##### <a name="tablespec"></a>`tablespec`
     Data type: `Pattern[/^\w+-\w+$/]`
-...
     Default value: `$title`
     ##### `content`
     ##### <a name="content"></a>`content`
     Data type: `Optional[String]`
-...
     Default value: ``undef``
     ##### `source`
     ##### <a name="source"></a>`source`
     Data type: `Optional[Variant[String,Array[String,1]]]`
-...
     Default value: ``undef``
     ##### `prefix`
     ##### <a name="prefix"></a>`prefix`
     Data type: `String`
-...
     Default value: `'custom-'`
     ### `nftables::rule`
     ### <a name="nftablesrule"></a>`nftables::rule`
     manage a chain rule
     Name should be:
-...
     #### Parameters
     The following parameters are available in the `nftables::rule` defined type.
     The following parameters are available in the `nftables::rule` defined type:
     * [`ensure`](#ensure)
     * [`rulename`](#rulename)
     * [`order`](#order)
     * [`table`](#table)
     * [`content`](#content)
     * [`source`](#source)
     ##### `ensure`
     ##### <a name="ensure"></a>`ensure`
     Data type: `Enum['present','absent']`
-...
     Default value: `'present'`
     ##### `rulename`
     ##### <a name="rulename"></a>`rulename`
     Data type: `Nftables::RuleName`
-...
     Default value: `$title`
     ##### `order`
     ##### <a name="order"></a>`order`
     Data type: `Pattern[/^\d\d$/]`
-...
     Default value: `'50'`
     ##### `table`
     ##### <a name="table"></a>`table`
     Data type: `Optional[String]`
-...
     Default value: `'inet-filter'`
     ##### `content`
     ##### <a name="content"></a>`content`
     Data type: `Optional[String]`
-...
     Default value: ``undef``
     ##### `source`
     ##### <a name="source"></a>`source`
     Data type: `Optional[Variant[String,Array[String,1]]]`
-...
     Default value: ``undef``
     ### `nftables::rules::dnat4`
     ### <a name="nftablesrulesdnat4"></a>`nftables::rules::dnat4`
     manage a ipv4 dnat rule
     #### Parameters
     The following parameters are available in the `nftables::rules::dnat4` defined type.
     The following parameters are available in the `nftables::rules::dnat4` defined type:
     * [`daddr`](#daddr)
     * [`port`](#port)
     * [`rulename`](#rulename)
     * [`order`](#order)
     * [`chain`](#chain)
     * [`iif`](#iif)
     * [`proto`](#proto)
     * [`dport`](#dport)
     * [`ensure`](#ensure)
     ##### `daddr`
     ##### <a name="daddr"></a>`daddr`
     Data type: `Pattern[/^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/]`
     ##### `port`
     ##### <a name="port"></a>`port`
     Data type: `Variant[String,Stdlib::Port]`
     ##### `rulename`
     ##### <a name="rulename"></a>`rulename`
     Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`
-...
     Default value: `$title`
     ##### `order`
     ##### <a name="order"></a>`order`
     Data type: `Pattern[/^\d\d$/]`
-...
     Default value: `'50'`
     ##### `chain`
     ##### <a name="chain"></a>`chain`
     Data type: `String[1]`
-...
     Default value: `'default_fwd'`
     ##### `iif`
     ##### <a name="iif"></a>`iif`
     Data type: `Optional[String[1]]`
-...
     Default value: ``undef``
     ##### `proto`
     ##### <a name="proto"></a>`proto`
     Data type: `Enum['tcp','udp']`
-...
     Default value: `'tcp'`
     ##### `dport`
     ##### <a name="dport"></a>`dport`
     Data type: `Optional[Variant[String,Stdlib::Port]]`
-...
     Default value: `''`
     ##### `ensure`
     ##### <a name="ensure"></a>`ensure`
     Data type: `Enum['present','absent']`
-...
     Default value: `'present'`
     ### `nftables::rules::masquerade`
     ### <a name="nftablesrulesmasquerade"></a>`nftables::rules::masquerade`
     masquerade all outgoing traffic
     #### Parameters
     The following parameters are available in the `nftables::rules::masquerade` defined type.
     The following parameters are available in the `nftables::rules::masquerade` defined type:
     ##### `rulename`
     * [`rulename`](#rulename)
     * [`order`](#order)
     * [`chain`](#chain)
     * [`oif`](#oif)
     * [`saddr`](#saddr)
     * [`daddr`](#daddr)
     * [`proto`](#proto)
     * [`dport`](#dport)
     * [`ensure`](#ensure)
     ##### <a name="rulename"></a>`rulename`
     Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`
-...
     Default value: `$title`
     ##### `order`
     ##### <a name="order"></a>`order`
     Data type: `Pattern[/^\d\d$/]`
-...
     Default value: `'70'`
     ##### `chain`
     ##### <a name="chain"></a>`chain`
     Data type: `String[1]`
-...
     Default value: `'POSTROUTING'`
     ##### `oif`
     ##### <a name="oif"></a>`oif`
     Data type: `Optional[String[1]]`
-...
     Default value: ``undef``
     ##### `saddr`
     ##### <a name="saddr"></a>`saddr`
     Data type: `Optional[String[1]]`
-...
     Default value: ``undef``
     ##### `daddr`
     ##### <a name="daddr"></a>`daddr`
     Data type: `Optional[String[1]]`
-...
     Default value: ``undef``
     ##### `proto`
     ##### <a name="proto"></a>`proto`
     Data type: `Optional[Enum['tcp','udp']]`
-...
     Default value: ``undef``
     ##### `dport`
     ##### <a name="dport"></a>`dport`
     Data type: `Optional[Variant[String,Stdlib::Port]]`
-...
     Default value: ``undef``
     ##### `ensure`
     ##### <a name="ensure"></a>`ensure`
     Data type: `Enum['present','absent']`
-...
     Default value: `'present'`
     ### `nftables::rules::snat4`
     ### <a name="nftablesrulessnat4"></a>`nftables::rules::snat4`
     manage a ipv4 snat rule
     #### Parameters
     The following parameters are available in the `nftables::rules::snat4` defined type.
     The following parameters are available in the `nftables::rules::snat4` defined type:
     * [`snat`](#snat)
     * [`rulename`](#rulename)
     * [`order`](#order)
     * [`chain`](#chain)
     * [`oif`](#oif)
     * [`saddr`](#saddr)
     * [`proto`](#proto)
     * [`dport`](#dport)
     * [`ensure`](#ensure)
     ##### `snat`
     ##### <a name="snat"></a>`snat`
     Data type: `String[1]`
     ##### `rulename`
     ##### <a name="rulename"></a>`rulename`
     Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`
-...
     Default value: `$title`
     ##### `order`
     ##### <a name="order"></a>`order`
     Data type: `Pattern[/^\d\d$/]`
-...
     Default value: `'70'`
     ##### `chain`
     ##### <a name="chain"></a>`chain`
     Data type: `String[1]`
-...
     Default value: `'POSTROUTING'`
     ##### `oif`
     ##### <a name="oif"></a>`oif`
     Data type: `Optional[String[1]]`
-...
     Default value: ``undef``
     ##### `saddr`
     ##### <a name="saddr"></a>`saddr`
     Data type: `Optional[String[1]]`
-...
     Default value: ``undef``
     ##### `proto`
     ##### <a name="proto"></a>`proto`
     Data type: `Optional[Enum['tcp','udp']]`
-...
     Default value: ``undef``
     ##### `dport`
     ##### <a name="dport"></a>`dport`
     Data type: `Optional[Variant[String,Stdlib::Port]]`
-...
     Default value: ``undef``
     ##### `ensure`
     ##### <a name="ensure"></a>`ensure`
     Data type: `Enum['present','absent']`
-...
     Default value: `'present'`
     ### `nftables::set`
     ### <a name="nftablesset"></a>`nftables::set`
     manage a named set
-...
     #### Parameters
     The following parameters are available in the `nftables::set` defined type.
     ##### `ensure`
     The following parameters are available in the `nftables::set` defined type:
     * [`ensure`](#ensure)
     * [`setname`](#setname)
     * [`order`](#order)
     * [`type`](#type)
     * [`table`](#table)
     * [`flags`](#flags)
     * [`timeout`](#timeout)
     * [`gc_interval`](#gc_interval)
     * [`elements`](#elements)
     * [`size`](#size)
     * [`policy`](#policy)
     * [`auto_merge`](#auto_merge)
     * [`content`](#content)
     * [`source`](#source)
     ##### <a name="ensure"></a>`ensure`
     Data type: `Enum['present','absent']`
-...
     Default value: `'present'`
     ##### `setname`
     ##### <a name="setname"></a>`setname`
     Data type: `Pattern[/^[-a-zA-Z0-9_]+$/]`
-...
     Default value: `$title`
     ##### `order`
     ##### <a name="order"></a>`order`
     Data type: `Pattern[/^\d\d$/]`
-...
     Default value: `'10'`
     ##### `type`
     ##### <a name="type"></a>`type`
     Data type: `Optional[Enum['ipv4_addr', 'ipv6_addr', 'ether_addr', 'inet_proto', 'inet_service', 'mark']]`
-...
     Default value: ``undef``
     ##### `table`
     ##### <a name="table"></a>`table`
     Data type: `String`
-...
     Default value: `'inet-filter'`
     ##### `flags`
     ##### <a name="flags"></a>`flags`
     Data type: `Array[Enum['constant', 'dynamic', 'interval', 'timeout'], 0, 4]`
-...
     Default value: `[]`
     ##### `timeout`
     ##### <a name="timeout"></a>`timeout`
     Data type: `Optional[Integer]`
-...
     Default value: ``undef``
     ##### `gc_interval`
     ##### <a name="gc_interval"></a>`gc_interval`
     Data type: `Optional[Integer]`
-...
     Default value: ``undef``
     ##### `elements`
     ##### <a name="elements"></a>`elements`
     Data type: `Optional[Array[String]]`
-...
     Default value: ``undef``
     ##### `size`
     ##### <a name="size"></a>`size`
     Data type: `Optional[Integer]`

... Ce différentiel a été tronqué car il excède la taille maximale pouvant être affichée.

Formats disponibles : Unified diff

Projet

Général

Profil

puppet nftables

Révision 09cba182