Révision 13f26dfc
Improve nftables::rule's documentation (#68)
| REFERENCE.md | ||
|---|---|---|
| 72 | 72 |
|
| 73 | 73 |
* [`nftables::chain`](#nftableschain): manage a chain |
| 74 | 74 |
* [`nftables::config`](#nftablesconfig): manage a config snippet |
| 75 |
* [`nftables::rule`](#nftablesrule): manage a chain rule Name should be: CHAIN_NAME-rulename
|
|
| 75 |
* [`nftables::rule`](#nftablesrule): Provides an interface to create a firewall rule
|
|
| 76 | 76 |
* [`nftables::rules::dnat4`](#nftablesrulesdnat4): manage a ipv4 dnat rule |
| 77 | 77 |
* [`nftables::rules::masquerade`](#nftablesrulesmasquerade): masquerade all outgoing traffic |
| 78 | 78 |
* [`nftables::rules::snat4`](#nftablesrulessnat4): manage a ipv4 snat rule |
| ... | ... | |
| 949 | 949 |
|
| 950 | 950 |
### <a name="nftablesrule"></a>`nftables::rule` |
| 951 | 951 |
|
| 952 |
manage a chain rule |
|
| 953 |
Name should be: |
|
| 954 |
CHAIN_NAME-rulename |
|
| 952 |
Provides an interface to create a firewall rule |
|
| 953 |
|
|
| 954 |
#### Examples |
|
| 955 |
|
|
| 956 |
##### add a rule named 'myhttp' to the 'default_in' chain to allow incoming traffic to TCP port 80 |
|
| 957 |
|
|
| 958 |
```puppet |
|
| 959 |
nftables::rule {
|
|
| 960 |
'default_in-myhttp': |
|
| 961 |
content => 'tcp dport 80 accept', |
|
| 962 |
} |
|
| 963 |
``` |
|
| 964 |
|
|
| 965 |
##### add a rule named 'count' to the 'PREROUTING6' chain in table 'ip6 nat' to count traffic |
|
| 966 |
|
|
| 967 |
```puppet |
|
| 968 |
nftables::rule {
|
|
| 969 |
'PREROUTING6-count': |
|
| 970 |
content => 'counter', |
|
| 971 |
table => 'ip6-nat' |
|
| 972 |
} |
|
| 973 |
``` |
|
| 955 | 974 |
|
| 956 | 975 |
#### Parameters |
| 957 | 976 |
|
| ... | ... | |
| 968 | 987 |
|
| 969 | 988 |
Data type: `Enum['present','absent']` |
| 970 | 989 |
|
| 971 |
|
|
| 990 |
Should the rule be created. |
|
| 972 | 991 |
|
| 973 | 992 |
Default value: `'present'` |
| 974 | 993 |
|
| ... | ... | |
| 976 | 995 |
|
| 977 | 996 |
Data type: `Nftables::RuleName` |
| 978 | 997 |
|
| 979 |
|
|
| 998 |
The symbolic name for the rule and to what chain to add it. The |
|
| 999 |
format is defined by the Nftables::RuleName type. |
|
| 980 | 1000 |
|
| 981 | 1001 |
Default value: `$title` |
| 982 | 1002 |
|
| ... | ... | |
| 984 | 1004 |
|
| 985 | 1005 |
Data type: `Pattern[/^\d\d$/]` |
| 986 | 1006 |
|
| 987 |
|
|
| 1007 |
A number representing the order of the rule. |
|
| 988 | 1008 |
|
| 989 | 1009 |
Default value: `'50'` |
| 990 | 1010 |
|
| ... | ... | |
| 992 | 1012 |
|
| 993 | 1013 |
Data type: `Optional[String]` |
| 994 | 1014 |
|
| 995 |
|
|
| 1015 |
The name of the table to add this rule to. |
|
| 996 | 1016 |
|
| 997 | 1017 |
Default value: `'inet-filter'` |
| 998 | 1018 |
|
| ... | ... | |
| 1000 | 1020 |
|
| 1001 | 1021 |
Data type: `Optional[String]` |
| 1002 | 1022 |
|
| 1003 |
|
|
| 1023 |
The raw statements that compose the rule represented using the nftables |
|
| 1024 |
language. |
|
| 1004 | 1025 |
|
| 1005 | 1026 |
Default value: ``undef`` |
| 1006 | 1027 |
|
| ... | ... | |
| 1008 | 1029 |
|
| 1009 | 1030 |
Data type: `Optional[Variant[String,Array[String,1]]]` |
| 1010 | 1031 |
|
| 1011 |
|
|
| 1032 |
Same goal as content but sourcing the value from a file. |
|
| 1012 | 1033 |
|
| 1013 | 1034 |
Default value: ``undef`` |
| 1014 | 1035 |
|
Formats disponibles : Unified diff