Projet

Général

Profil

Révision 31b17627

ID31b1762780ddf211709dab2e3abbeba499ab9f30
Parent 59c1ddf4
Enfant 5b4c71bc

Ajouté par Steve Traylen il y a plus de 4 ans

Use single line for each parameter definition

Voir les différences:

manifests/init.pp
80 80 
#   If left unset all tables will be flushed via a `flush ruleset`
81 81 
#
82 82 
class nftables (
83 
  Boolean $in_ssh                = true,
84 
  Boolean $in_icmp               = true,
85 
  Boolean $out_ntp               = true,
86 
  Boolean $out_dns               = true,
87 
  Boolean $out_http              = true,
88 
  Boolean $out_https             = true,
89 
  Boolean $out_icmp              = true,
90 
  Boolean $out_all               = false,
91 
  Boolean $in_out_conntrack      = true,
92 
  Boolean $fwd_conntrack         = false,
93 
  Boolean $nat                   = true,
94 
  Hash $rules                    = {},
95 
  Hash $sets                     = {},
96 
  String $log_prefix             = '[nftables] %<chain>s %<comment>s',
97 
  Variant[Boolean[false], String]
98 
  $log_limit                   = '3/minute burst 5 packets',
99 
  Variant[Boolean[false], Pattern[
100 
  /icmp(v6|x)? type .+|tcp reset/]]
101 
  $reject_with                 = 'icmpx type port-unreachable',
102 
  Variant[Boolean[false], Enum['mask']]
103 
  $firewalld_enable            = 'mask',
104 
  Optional[Array[Pattern[/^(ip|ip6|inet)-[-a-zA-Z0-9_]+$/],1]]
105 
  $noflush_tables = undef,
83 
  Boolean $in_ssh = true,
84 
  Boolean $in_icmp = true,
85 
  Boolean $out_ntp = true,
86 
  Boolean $out_dns = true,
87 
  Boolean $out_http = true,
88 
  Boolean $out_https = true,
89 
  Boolean $out_icmp = true,
90 
  Boolean $out_all = false,
91 
  Boolean $in_out_conntrack = true,
92 
  Boolean $fwd_conntrack = false,
93 
  Boolean $nat = true,
94 
  Hash $rules = {},
95 
  Hash $sets = {},
96 
  String $log_prefix = '[nftables] %<chain>s %<comment>s',
97 
  Variant[Boolean[false], String] $log_limit = '3/minute burst 5 packets',
98 
  Variant[Boolean[false], Pattern[/icmp(v6|x)? type .+|tcp reset/]] $reject_with = 'icmpx type port-unreachable',
99 
  Variant[Boolean[false], Enum['mask']] $firewalld_enable = 'mask',
100 
  Optional[Array[Pattern[/^(ip|ip6|inet)-[-a-zA-Z0-9_]+$/],1]] $noflush_tables = undef,
106 101 
) {
107 102 
  package { 'nftables':
108 103 
    ensure => installed,

Formats disponibles : Unified diff