Révision 19908f41
add some mail related outgoing rules
| REFERENCE.md | ||
|---|---|---|
| 37 | 37 |
* [`nftables::rules::out::http`](#nftablesrulesouthttp): manage out http |
| 38 | 38 |
* [`nftables::rules::out::https`](#nftablesrulesouthttps): manage out https |
| 39 | 39 |
* [`nftables::rules::out::icmp`](#nftablesrulesouticmp): control outbound icmp packages |
| 40 |
* [`nftables::rules::out::imap`](#nftablesrulesoutimap): allow outgoing imap |
|
| 40 | 41 |
* [`nftables::rules::out::kerberos`](#nftablesrulesoutkerberos): allows outbound access for kerberos |
| 41 | 42 |
* [`nftables::rules::out::mysql`](#nftablesrulesoutmysql): manage out mysql |
| 42 | 43 |
* [`nftables::rules::out::nfs`](#nftablesrulesoutnfs): manage out nfs |
| ... | ... | |
| 47 | 48 |
7003 - vlserver |
| 48 | 49 |
* [`nftables::rules::out::ospf`](#nftablesrulesoutospf): manage out ospf |
| 49 | 50 |
* [`nftables::rules::out::ospf3`](#nftablesrulesoutospf3): manage out ospf3 |
| 51 |
* [`nftables::rules::out::pop3`](#nftablesrulesoutpop3): allow outgoing pop3 |
|
| 50 | 52 |
* [`nftables::rules::out::postgres`](#nftablesrulesoutpostgres): manage out postgres |
| 51 | 53 |
* [`nftables::rules::out::puppet`](#nftablesrulesoutpuppet): manage outgoing puppet |
| 52 |
* [`nftables::rules::out::smtp`](#nftablesrulesoutsmtp): manage out smtp |
|
| 54 |
* [`nftables::rules::out::smtp`](#nftablesrulesoutsmtp): allow outgoing smtp |
|
| 55 |
* [`nftables::rules::out::smtp_client`](#nftablesrulesoutsmtp_client): allow outgoing smtp client |
|
| 53 | 56 |
* [`nftables::rules::out::ssh`](#nftablesrulesoutssh): manage out ssh |
| 54 | 57 |
* [`nftables::rules::out::ssh::remove`](#nftablesrulesoutsshremove): disable outgoing ssh |
| 55 | 58 |
* [`nftables::rules::out::tor`](#nftablesrulesouttor): manage out tor |
| 56 | 59 |
* [`nftables::rules::out::wireguard`](#nftablesrulesoutwireguard): manage out wireguard |
| 57 | 60 |
* [`nftables::rules::puppet`](#nftablesrulespuppet): manage in puppet |
| 61 |
* [`nftables::rules::samba`](#nftablesrulessamba): manage Samba, the suite to allow Windows file sharing on Linux resources. |
|
| 58 | 62 |
* [`nftables::rules::smtp`](#nftablesrulessmtp): manage in smtp |
| 59 | 63 |
* [`nftables::rules::smtp_submission`](#nftablesrulessmtp_submission): manage in smtp submission |
| 60 | 64 |
* [`nftables::rules::smtps`](#nftablesrulessmtps): manage in smtps |
| ... | ... | |
| 608 | 612 |
|
| 609 | 613 |
Default value: `'10'` |
| 610 | 614 |
|
| 615 |
### <a name="nftablesrulesoutimap"></a>`nftables::rules::out::imap` |
|
| 616 |
|
|
| 617 |
allow outgoing imap |
|
| 618 |
|
|
| 611 | 619 |
### <a name="nftablesrulesoutkerberos"></a>`nftables::rules::out::kerberos` |
| 612 | 620 |
|
| 613 | 621 |
allows outbound access for kerberos |
| ... | ... | |
| 657 | 665 |
|
| 658 | 666 |
manage out ospf3 |
| 659 | 667 |
|
| 668 |
### <a name="nftablesrulesoutpop3"></a>`nftables::rules::out::pop3` |
|
| 669 |
|
|
| 670 |
allow outgoing pop3 |
|
| 671 |
|
|
| 660 | 672 |
### <a name="nftablesrulesoutpostgres"></a>`nftables::rules::out::postgres` |
| 661 | 673 |
|
| 662 | 674 |
manage out postgres |
| ... | ... | |
| 688 | 700 |
|
| 689 | 701 |
### <a name="nftablesrulesoutsmtp"></a>`nftables::rules::out::smtp` |
| 690 | 702 |
|
| 691 |
manage out smtp |
|
| 703 |
allow outgoing smtp |
|
| 704 |
|
|
| 705 |
### <a name="nftablesrulesoutsmtp_client"></a>`nftables::rules::out::smtp_client` |
|
| 706 |
|
|
| 707 |
allow outgoing smtp client |
|
| 692 | 708 |
|
| 693 | 709 |
### <a name="nftablesrulesoutssh"></a>`nftables::rules::out::ssh` |
| 694 | 710 |
|
| ... | ... | |
| 738 | 754 |
|
| 739 | 755 |
Default value: `[8140]` |
| 740 | 756 |
|
| 757 |
### <a name="nftablesrulessamba"></a>`nftables::rules::samba` |
|
| 758 |
|
|
| 759 |
manage Samba, the suite to allow Windows file sharing on Linux resources. |
|
| 760 |
|
|
| 761 |
#### Parameters |
|
| 762 |
|
|
| 763 |
The following parameters are available in the `nftables::rules::samba` class: |
|
| 764 |
|
|
| 765 |
* [`ctdb`](#ctdb) |
|
| 766 |
|
|
| 767 |
##### <a name="ctdb"></a>`ctdb` |
|
| 768 |
|
|
| 769 |
Data type: `Boolean` |
|
| 770 |
|
|
| 771 |
Enable ctdb-driven clustered Samba setups. |
|
| 772 |
|
|
| 773 |
Default value: ``false`` |
|
| 774 |
|
|
| 741 | 775 |
### <a name="nftablesrulessmtp"></a>`nftables::rules::smtp` |
| 742 | 776 |
|
| 743 | 777 |
manage in smtp |
| manifests/rules/out/imap.pp | ||
|---|---|---|
| 1 |
# @summary allow outgoing imap |
|
| 2 |
class nftables::rules::out::imap {
|
|
| 3 |
nftables::rule {
|
|
| 4 |
'default_out-imap': |
|
| 5 |
content => 'tcp dport {143, 993} accept',
|
|
| 6 |
} |
|
| 7 |
} |
|
| manifests/rules/out/pop3.pp | ||
|---|---|---|
| 1 |
# @summary allow outgoing pop3 |
|
| 2 |
class nftables::rules::out::pop3 {
|
|
| 3 |
nftables::rule {
|
|
| 4 |
'default_out-pop3': |
|
| 5 |
content => 'tcp dport {110, 995} accept',
|
|
| 6 |
} |
|
| 7 |
} |
|
| manifests/rules/out/smtp.pp | ||
|---|---|---|
| 1 |
# manage out smtp
|
|
| 1 |
# @summary allow outgoing smtp
|
|
| 2 | 2 |
class nftables::rules::out::smtp {
|
| 3 | 3 |
nftables::rule {
|
| 4 | 4 |
'default_out-smtp': |
| manifests/rules/out/smtp_client.pp | ||
|---|---|---|
| 1 |
# @summary allow outgoing smtp client |
|
| 2 |
class nftables::rules::out::smtp_client {
|
|
| 3 |
nftables::rule {
|
|
| 4 |
'default_out-smtp_client': |
|
| 5 |
content => 'tcp dport {465, 587} accept',
|
|
| 6 |
} |
|
| 7 |
} |
|
| spec/acceptance/all_rules_spec.rb | ||
|---|---|---|
| 60 | 60 |
include nftables::rules::out::dhcp |
| 61 | 61 |
include nftables::rules::out::nfs |
| 62 | 62 |
include nftables::rules::out::smtp |
| 63 |
include nftables::rules::out::smtp_client |
|
| 64 |
include nftables::rules::out::imap |
|
| 65 |
include nftables::rules::out::pop3 |
|
| 63 | 66 |
include nftables::rules::out::chrony |
| 64 | 67 |
include nftables::rules::out::wireguard |
| 65 | 68 |
include nftables::rules::wireguard |
| spec/classes/rules/out/imap_spec.rb | ||
|---|---|---|
| 1 |
require 'spec_helper' |
|
| 2 |
|
|
| 3 |
describe 'nftables::rules::out::imap' do |
|
| 4 |
on_supported_os.each do |os, os_facts| |
|
| 5 |
context "on #{os}" do
|
|
| 6 |
let(:facts) { os_facts }
|
|
| 7 |
|
|
| 8 |
context 'default options' do |
|
| 9 |
it { is_expected.to compile }
|
|
| 10 |
it { is_expected.to contain_nftables__rule('default_out-imap').with_content('tcp dport {143, 993} accept') }
|
|
| 11 |
end |
|
| 12 |
end |
|
| 13 |
end |
|
| 14 |
end |
|
| spec/classes/rules/out/pop3_spec.rb | ||
|---|---|---|
| 1 |
require 'spec_helper' |
|
| 2 |
|
|
| 3 |
describe 'nftables::rules::out::pop3' do |
|
| 4 |
on_supported_os.each do |os, os_facts| |
|
| 5 |
context "on #{os}" do
|
|
| 6 |
let(:facts) { os_facts }
|
|
| 7 |
|
|
| 8 |
context 'default options' do |
|
| 9 |
it { is_expected.to compile }
|
|
| 10 |
it { is_expected.to contain_nftables__rule('default_out-pop3').with_content('tcp dport {110, 995} accept') }
|
|
| 11 |
end |
|
| 12 |
end |
|
| 13 |
end |
|
| 14 |
end |
|
| spec/classes/rules/out/smtp_client_spec.rb | ||
|---|---|---|
| 1 |
require 'spec_helper' |
|
| 2 |
|
|
| 3 |
describe 'nftables::rules::out::smtp_client' do |
|
| 4 |
on_supported_os.each do |os, os_facts| |
|
| 5 |
context "on #{os}" do
|
|
| 6 |
let(:facts) { os_facts }
|
|
| 7 |
|
|
| 8 |
context 'default options' do |
|
| 9 |
it { is_expected.to compile }
|
|
| 10 |
it { is_expected.to contain_nftables__rule('default_out-smtp_client').with_content('tcp dport {465, 587} accept') }
|
|
| 11 |
end |
|
| 12 |
end |
|
| 13 |
end |
|
| 14 |
end |
|
| spec/classes/rules/out/smtp_spec.rb | ||
|---|---|---|
| 1 |
require 'spec_helper' |
|
| 2 |
|
|
| 3 |
describe 'nftables::rules::out::smtp' do |
|
| 4 |
on_supported_os.each do |os, os_facts| |
|
| 5 |
context "on #{os}" do
|
|
| 6 |
let(:facts) { os_facts }
|
|
| 7 |
|
|
| 8 |
context 'default options' do |
|
| 9 |
it { is_expected.to compile }
|
|
| 10 |
it { is_expected.to contain_nftables__rule('default_out-smtp').with_content('tcp dport 25 accept') }
|
|
| 11 |
end |
|
| 12 |
end |
|
| 13 |
end |
|
| 14 |
end |
|
Formats disponibles : Unified diff