Révision 2ad7193b
Support logging to NFLOG group
| manifests/init.pp | ||
|---|---|---|
| 72 | 72 |
# to the rules that log discarded traffic. Set to false to |
| 73 | 73 |
# disable rate limiting. |
| 74 | 74 |
# |
| 75 |
# @param log_group |
|
| 76 |
# When specified, the Linux kernel will pass the packet to nfnetlink_log |
|
| 77 |
# which will send the log through a netlink socket to the specified group. |
|
| 78 |
# |
|
| 75 | 79 |
# @param reject_with |
| 76 | 80 |
# How to discard packets not matching any rule. If `false`, the |
| 77 | 81 |
# fate of the packet will be defined by the chain policy (normally |
| ... | ... | |
| 147 | 151 |
Hash $rules = {},
|
| 148 | 152 |
Hash $sets = {},
|
| 149 | 153 |
String $log_prefix = '[nftables] %<chain>s %<comment>s', |
| 154 |
Optional[Integer[0]] $log_group = undef, |
|
| 150 | 155 |
String[1] $nat_table_name = 'nat', |
| 151 | 156 |
Stdlib::Unixpath $inmem_rules_hash_file = '/var/tmp/puppet-nft-memhash', |
| 152 | 157 |
Boolean $log_discarded = true, |
Formats disponibles : Unified diff