Revision 2fda87af
Improve sections' formatting
README.md | ||
---|---|---|
18 | 18 |
Additionally, the module comes with a basic infrastructure |
19 | 19 |
to hook into different places. |
20 | 20 |
|
21 |
## nftables config
|
|
21 |
## Configuration
|
|
22 | 22 |
|
23 | 23 |
The main configuration file loaded by the nftables service |
24 | 24 |
will be `files/config/puppet.nft`, all other files created |
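Review bot: renaming the heading from `## nftables config` to `## Configuration` also changes the anchor that Markdown renderers generate for it (the old `#nftables-config` becomes `#configuration`), so any table of contents, in-README link or external documentation pointing at the old anchor will stop working; grep for the old heading text and anchor before merging. The shorter name also drops the word "nftables", which is fine inside this README but worth keeping in mind if the section is linked from elsewhere.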
... | ... | |
47 | 47 |
INPUT and OUTPUT to the loopback device is allowed by |
48 | 48 |
default, though you could restrict it later. |
49 | 49 |
|
50 |
### Rules Validation
|
|
50 |
## Rules Validation |
|
51 | 51 |
|
52 | 52 |
Initially puppet deploys all configuration to |
53 | 53 |
`/etc/nftables/puppet-preflight/` and |
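Review bot: promoting `### Rules Validation` to `## Rules Validation` lifts it out of the Configuration section, yet the paragraph under it (deployment to `/etc/nftables/puppet-preflight/` first, copy to the real locations only if successful, then service reload) describes a step of the configuration deployment rather than a separate topic. If the intent is a top-level section, a one-line pointer back to the main configuration file would help readers arriving from a table of contents; otherwise leaving it at `###` keeps the hierarchy consistent with the surrounding change.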
... | ... | |
56 | 56 |
If and only if successful the configuration will be copied to |
57 | 57 |
the real locations before the service is reloaded. |
58 | 58 |
|
59 |
## Basic types |
|
60 |
|
|
59 | 61 |
### nftables::config |
60 | 62 |
|
61 | 63 |
Manages a raw file in `/etc/nftables/puppet/${name}.nft` |
62 | 64 |
|
63 | 65 |
Use this for any custom table files. |
64 | 66 |
|
65 |
## nftables::chain |
|
67 |
### nftables::chain
|
|
66 | 68 |
|
67 | 69 |
Prepares a chain file as a `concat` file to which you will |
68 | 70 |
be able to add dedicated rules through `nftables::rule`. |
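Review bot: the new `## Basic types` parent heading makes `### nftables::config` and `### nftables::chain` siblings at the same level, which is the consistency the commit message is after; the heading is immediately followed by a subheading, though, so one introductory sentence under `## Basic types` (for instance that each subsection below documents one defined type) would stop the section reading as an empty container. Please also double-check that `nftables::config`, documented here as managing a raw file in `/etc/nftables/puppet/${name}.nft`, is what you want listed first under "Basic types", since it is the escape hatch rather than a firewall primitive.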
... | ... | |
76 | 78 |
chain. It's possible to specify the in-interface name and |
77 | 79 |
out-interface name for the inject rule. |
78 | 80 |
|
79 |
## nftables::rule |
|
81 |
### nftables::rule
|
|
80 | 82 |
|
81 | 83 |
A simple way to add rules to any chain. The name must be: |
82 | 84 |
`CHAIN_NAME-rulename`, where CHAIN_NAME refers to your |
... | ... | |
91 | 93 |
[REFERENCE](https://github.com/voxpupuli/puppet-nftables/blob/master/REFERENCE.md), |
92 | 94 |
somebody might have encapsulated a rule definition for you already. |
93 | 95 |
|
94 |
## nftables::set |
|
96 |
### nftables::set
|
|
95 | 97 |
|
96 | 98 |
Adds a named set to a given table. It allows composing the |
97 | 99 |
set using individual parameters but also takes raw input |
98 | 100 |
via the content and source parameters. |
99 | 101 |
|
100 |
## nftables::simplerule |
|
102 |
### nftables::simplerule
|
|
101 | 103 |
|
102 | 104 |
Allows expressing firewall rules without having to use nftables's language by |
103 | 105 |
adding an abstraction layer a-la-Firewall. It's rather limited how far you can |