
Révision 13f26dfc

ID13f26dfcb563a12617b6c525a5bf66fcf20fc5c0
Parent 7d44d49e
Enfant 0f100e5c

Ajouté par Nacho Barrientos il y a plus de 4 ans

Improve nftables::rule's documentation (#68)


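--- a/manifests/rule.pp
+++ b/manifests/rule.pp
@@ -1,15 +1,44 @@
-# manage a chain rule
-# Name should be:
-#   CHAIN_NAME-rulename
+# @summary Provides an interface to create a firewall rule
+#
+# @example add a rule named 'myhttp' to the 'default_in' chain to allow incoming traffic to TCP port 80
+#  nftables::rule {
+#    'default_in-myhttp':
+#      content => 'tcp dport 80 accept',
+#  }
+#
+# @example add a rule named 'count' to the 'PREROUTING6' chain in table 'ip6 nat' to count traffic
+#  nftables::rule {
+#    'PREROUTING6-count':
+#      content => 'counter',
+#      table   => 'ip6-nat'
+#  }
+#
+# @param ensure
+#   Should the rule be created.
+#
+# @param rulename
+#   The symbolic name for the rule and to what chain to add it. The
+#   format is defined by the Nftables::RuleName type.
+#
+# @param order
+#   A number representing the order of the rule.
+#
+# @param table
+#   The name of the table to add this rule to.
+#
+# @param content
+#   The raw statements that compose the rule represented using the nftables
+#   language.
+#
+# @param source
+#   Same goal as content but sourcing the value from a file.
 define nftables::rule (
-  # lint:ignore:parameter_documentation
   Enum['present','absent'] $ensure = 'present',
   Nftables::RuleName $rulename = $title,
   Pattern[/^\d\d$/] $order = '50',
   Optional[String] $table = 'inet-filter',
   Optional[String] $content = undef,
   Optional[Variant[String,Array[String,1]]] $source = undef,
-  # lint:endignore
 ) {
   if $ensure == 'present' {
     $data = split($rulename, '-')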
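Review bot: The new `@param order` and `@param table` descriptions omit constraints that the signature and the examples show. `order` is typed `Pattern[/^\d\d$/]` with default `'50'`, so the text could read `#   A two-digit string ('00' to '99') representing the order of the rule.`; `table` appears, judging by the default `'inet-filter'` and the second example's `'ip6-nat'`, to be the family and table name joined by a hyphen, which `#   The family and name of the table, joined by a hyphen (for example 'ip6-nat').` would make explicit. `content` is documented as raw nftables statements and is typed only as `Optional[String]`, so a sentence saying that the text is not checked by the signature and should come from trusted data would help anyone feeding it from Hiera or facts. Whether the body validates `content`, or handles `content` and `source` being set together, cannot be seen here because the define continues past the end of the hunk.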
