REFERENCE.md @ 53aa1fa8

# Reference

<!-- DO NOT EDIT: This document was generated by Puppet Strings -->

## Table of Contents

### Classes

* [`nftables`](#nftables): Configure nftables
* [`nftables::bridges`](#nftables--bridges): allow forwarding traffic on bridges
* [`nftables::inet_filter`](#nftables--inet_filter): manage basic chains in table inet filter
* [`nftables::inet_filter::fwd_conntrack`](#nftables--inet_filter--fwd_conntrack): enable conntrack for fwd
* [`nftables::inet_filter::in_out_conntrack`](#nftables--inet_filter--in_out_conntrack): manage input & output conntrack
* [`nftables::ip_nat`](#nftables--ip_nat): manage basic chains in table ip nat
* [`nftables::rules::activemq`](#nftables--rules--activemq): Provides input rules for Apache ActiveMQ
* [`nftables::rules::afs3_callback`](#nftables--rules--afs3_callback): Open call back port for AFS clients
* [`nftables::rules::ceph`](#nftables--rules--ceph): Ceph is a distributed object store and file system. Enable this to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS)
* [`nftables::rules::ceph_mon`](#nftables--rules--ceph_mon): Ceph is a distributed object store and file system.
Enable this option to support Ceph's Monitor Daemon.
* [`nftables::rules::dhcpv6_client`](#nftables--rules--dhcpv6_client): allow DHCPv6 requests in to a host
* [`nftables::rules::dns`](#nftables--rules--dns): manage in dns
* [`nftables::rules::docker_ce`](#nftables--rules--docker_ce): Default firewall configuration for Docker-CE
* [`nftables::rules::ftp`](#nftables--rules--ftp): manage in ftp (with conntrack helper)
* [`nftables::rules::http`](#nftables--rules--http): manage in http
* [`nftables::rules::https`](#nftables--rules--https): manage in https
* [`nftables::rules::icinga2`](#nftables--rules--icinga2): manage in icinga2
* [`nftables::rules::icmp`](#nftables--rules--icmp): allows incoming ICMP
* [`nftables::rules::igmp`](#nftables--rules--igmp): allow incoming IGMP messages
* [`nftables::rules::ldap`](#nftables--rules--ldap): manage in ldap
* [`nftables::rules::llmnr`](#nftables--rules--llmnr): allow incoming Link-Local Multicast Name Resolution
* [`nftables::rules::mdns`](#nftables--rules--mdns): allow incoming multicast DNS
* [`nftables::rules::multicast`](#nftables--rules--multicast): allow incoming multicast traffic
* [`nftables::rules::nfs`](#nftables--rules--nfs): manage in nfs4
* [`nftables::rules::nfs3`](#nftables--rules--nfs3): manage in nfs3
* [`nftables::rules::node_exporter`](#nftables--rules--node_exporter): manage in node exporter
* [`nftables::rules::ospf`](#nftables--rules--ospf): manage in ospf
* [`nftables::rules::ospf3`](#nftables--rules--ospf3): manage in ospf3
* [`nftables::rules::out::active_directory`](#nftables--rules--out--active_directory): manage outgoing active directory
* [`nftables::rules::out::all`](#nftables--rules--out--all): allow all outbound
* [`nftables::rules::out::ceph_client`](#nftables--rules--out--ceph_client): Ceph is a distributed object store and file system.
Enable this to be a client of Ceph's Monitor (MON),
Object Storage Daemons (OSD), Metadata Server Daemons (MDS),
and Manager Daemons (MGR).
* [`nftables::rules::out::chrony`](#nftables--rules--out--chrony): manage out chrony
* [`nftables::rules::out::dhcp`](#nftables--rules--out--dhcp): manage out dhcp
* [`nftables::rules::out::dhcpv6_client`](#nftables--rules--out--dhcpv6_client): Allow DHCPv6 requests out of a host
* [`nftables::rules::out::dns`](#nftables--rules--out--dns): manage out dns
* [`nftables::rules::out::hkp`](#nftables--rules--out--hkp): allow outgoing hkp connections to gpg keyservers
* [`nftables::rules::out::http`](#nftables--rules--out--http): manage out http
* [`nftables::rules::out::https`](#nftables--rules--out--https): manage out https
* [`nftables::rules::out::icinga2`](#nftables--rules--out--icinga2): allow outgoing icinga2
* [`nftables::rules::out::icmp`](#nftables--rules--out--icmp): control outbound icmp packets
* [`nftables::rules::out::igmp`](#nftables--rules--out--igmp): allow outgoing IGMP messages
* [`nftables::rules::out::imap`](#nftables--rules--out--imap): allow outgoing imap
* [`nftables::rules::out::kerberos`](#nftables--rules--out--kerberos): allows outbound access for kerberos
* [`nftables::rules::out::ldap`](#nftables--rules--out--ldap): manage outgoing ldap
* [`nftables::rules::out::mdns`](#nftables--rules--out--mdns): allow outgoing multicast DNS
* [`nftables::rules::out::mldv2`](#nftables--rules--out--mldv2): allow multicast listener requests
* [`nftables::rules::out::mysql`](#nftables--rules--out--mysql): manage out mysql
* [`nftables::rules::out::nfs`](#nftables--rules--out--nfs): manage out nfs
* [`nftables::rules::out::nfs3`](#nftables--rules--out--nfs3): manage out nfs3
* [`nftables::rules::out::openafs_client`](#nftables--rules--out--openafs_client): allows outbound access for afs clients
7000 - afs3-fileserver
7002 - afs3-ptserver
7003 - vlserver
* [`nftables::rules::out::ospf`](#nftables--rules--out--ospf): manage out ospf
* [`nftables::rules::out::ospf3`](#nftables--rules--out--ospf3): manage out ospf3
* [`nftables::rules::out::pop3`](#nftables--rules--out--pop3): allow outgoing pop3
* [`nftables::rules::out::postgres`](#nftables--rules--out--postgres): manage out postgres
* [`nftables::rules::out::puppet`](#nftables--rules--out--puppet): manage outgoing puppet
* [`nftables::rules::out::pxp_agent`](#nftables--rules--out--pxp_agent): manage outgoing pxp-agent
* [`nftables::rules::out::smtp`](#nftables--rules--out--smtp): allow outgoing smtp
* [`nftables::rules::out::smtp_client`](#nftables--rules--out--smtp_client): allow outgoing smtp client
* [`nftables::rules::out::ssdp`](#nftables--rules--out--ssdp): allow outgoing SSDP
* [`nftables::rules::out::ssh`](#nftables--rules--out--ssh): manage out ssh
* [`nftables::rules::out::ssh::remove`](#nftables--rules--out--ssh--remove): disable outgoing ssh
* [`nftables::rules::out::tor`](#nftables--rules--out--tor): manage out tor
* [`nftables::rules::out::whois`](#nftables--rules--out--whois): allow clients to query remote whois server
* [`nftables::rules::out::wireguard`](#nftables--rules--out--wireguard): manage out wireguard
* [`nftables::rules::podman`](#nftables--rules--podman): Rules for Podman, a tool for managing OCI containers and pods.
This class defines additional forwarding rules to let root containers
reach external networks when using Netavark (since v4.0) or CNI (deprecated).
At the time of writing, Podman supports automatic configuration
of firewall rules with iptables and firewalld only.
* [`nftables::rules::puppet`](#nftables--rules--puppet): manage in puppet
* [`nftables::rules::pxp_agent`](#nftables--rules--pxp_agent): manage in pxp-agent
* [`nftables::rules::qemu`](#nftables--rules--qemu): Bridged network configuration for qemu/libvirt
* [`nftables::rules::rsync`](#nftables--rules--rsync): allow rsync connections
* [`nftables::rules::samba`](#nftables--rules--samba): manage Samba, the suite to allow Windows file sharing on Linux resources.
* [`nftables::rules::smtp`](#nftables--rules--smtp): manage in smtp
* [`nftables::rules::smtp_submission`](#nftables--rules--smtp_submission): manage in smtp submission
* [`nftables::rules::smtps`](#nftables--rules--smtps): manage in smtps
* [`nftables::rules::spotify`](#nftables--rules--spotify): allow incoming spotify
* [`nftables::rules::ssdp`](#nftables--rules--ssdp): allow incoming SSDP
* [`nftables::rules::ssh`](#nftables--rules--ssh): manage in ssh
* [`nftables::rules::tor`](#nftables--rules--tor): manage in tor
* [`nftables::rules::wireguard`](#nftables--rules--wireguard): manage in wireguard
* [`nftables::rules::wsd`](#nftables--rules--wsd): allow incoming webservice discovery
* [`nftables::services::dhcpv6_client`](#nftables--services--dhcpv6_client): Allow in and outbound traffic for DHCPv6 server
* [`nftables::services::openafs_client`](#nftables--services--openafs_client): Open inbound and outbound ports for an AFS client

### Defined types

* [`nftables::chain`](#nftables--chain): manage a chain
* [`nftables::config`](#nftables--config): manage a config snippet
* [`nftables::file`](#nftables--file): Insert a file into the nftables configuration
* [`nftables::helper`](#nftables--helper): manage a conntrack helper
* [`nftables::rule`](#nftables--rule): Provides an interface to create a firewall rule
* [`nftables::rules::dnat4`](#nftables--rules--dnat4): manage an ipv4 dnat rule
* [`nftables::rules::masquerade`](#nftables--rules--masquerade): masquerade all outgoing traffic
* [`nftables::rules::snat4`](#nftables--rules--snat4): manage an ipv4 snat rule
* [`nftables::set`](#nftables--set): manage a named set
* [`nftables::simplerule`](#nftables--simplerule): Provides a simplified interface to nftables::rule

### Data types

* [`Nftables::Addr`](#Nftables--Addr): Represents an address expression to be used within a rule.
* [`Nftables::Addr::Set`](#Nftables--Addr--Set): Represents a set expression to be used within a rule.
* [`Nftables::Port`](#Nftables--Port): Represents a port expression to be used within a rule.
* [`Nftables::Port::Range`](#Nftables--Port--Range): Represents a port range expression to be used within a rule.
* [`Nftables::RuleName`](#Nftables--RuleName): Represents a rule name to be used in a raw rule created via nftables::rule.
It's a dash separated string. The first component describes the chain to
add the rule to, the second the rule name and the (optional) third a number.
Ex: 'default_in-sshd', 'default_out-my_service-2'.
* [`Nftables::SimpleRuleName`](#Nftables--SimpleRuleName): Represents a simple rule name to be used in a rule created via nftables::simplerule

## Classes

### <a name="nftables"></a>`nftables`

Configure nftables

#### Examples

##### allow dns out and do not allow ntp out

```puppet
class{ 'nftables':
  out_ntp => false,
  out_dns => true,
}
```

##### do not flush particular tables, fail2ban in this case

```puppet
class{ 'nftables':
  noflush_tables => ['inet-f2b-table'],
}
```

#### Parameters

The following parameters are available in the `nftables` class:

* [`out_all`](#-nftables--out_all)
* [`out_ntp`](#-nftables--out_ntp)
* [`out_http`](#-nftables--out_http)
* [`out_dns`](#-nftables--out_dns)
* [`out_https`](#-nftables--out_https)
* [`out_icmp`](#-nftables--out_icmp)
* [`in_ssh`](#-nftables--in_ssh)
* [`in_icmp`](#-nftables--in_icmp)
* [`inet_filter`](#-nftables--inet_filter)
* [`nat`](#-nftables--nat)
* [`nat_table_name`](#-nftables--nat_table_name)
* [`purge_unmanaged_rules`](#-nftables--purge_unmanaged_rules)
* [`inmem_rules_hash_file`](#-nftables--inmem_rules_hash_file)
* [`sets`](#-nftables--sets)
* [`log_prefix`](#-nftables--log_prefix)
* [`log_discarded`](#-nftables--log_discarded)
* [`log_limit`](#-nftables--log_limit)
* [`reject_with`](#-nftables--reject_with)
* [`in_out_conntrack`](#-nftables--in_out_conntrack)
* [`in_out_drop_invalid`](#-nftables--in_out_drop_invalid)
* [`fwd_conntrack`](#-nftables--fwd_conntrack)
* [`fwd_drop_invalid`](#-nftables--fwd_drop_invalid)
* [`firewalld_enable`](#-nftables--firewalld_enable)
* [`noflush_tables`](#-nftables--noflush_tables)
* [`rules`](#-nftables--rules)
* [`configuration_path`](#-nftables--configuration_path)
* [`nft_path`](#-nftables--nft_path)
* [`echo`](#-nftables--echo)
* [`default_config_mode`](#-nftables--default_config_mode)
* [`clobber_default_config`](#-nftables--clobber_default_config)

##### <a name="-nftables--out_all"></a>`out_all`

Data type: `Boolean`

Allow all outbound connections. If `true` then all other
out parameters `out_ntp`, `out_dns`, ... will be assumed
false.

Default value: `false`

##### <a name="-nftables--out_ntp"></a>`out_ntp`

Data type: `Boolean`

Allow outbound to ntp servers.

Default value: `true`

##### <a name="-nftables--out_http"></a>`out_http`

Data type: `Boolean`

Allow outbound to http servers.

Default value: `true`

##### <a name="-nftables--out_dns"></a>`out_dns`

Data type: `Boolean`

Allow outbound to dns servers.

Default value: `true`

##### <a name="-nftables--out_https"></a>`out_https`

Data type: `Boolean`

Allow outbound to https servers.

Default value: `true`

##### <a name="-nftables--out_icmp"></a>`out_icmp`

Data type: `Boolean`

Allow outbound ICMPv4/v6 traffic.

Default value: `true`

##### <a name="-nftables--in_ssh"></a>`in_ssh`

Data type: `Boolean`

Allow inbound to ssh servers.

Default value: `true`

##### <a name="-nftables--in_icmp"></a>`in_icmp`

Data type: `Boolean`

Allow inbound ICMPv4/v6 traffic.

Default value: `true`

##### <a name="-nftables--inet_filter"></a>`inet_filter`

Data type: `Boolean`

Add default tables, chains and rules to process traffic.

Default value: `true`

##### <a name="-nftables--nat"></a>`nat`

Data type: `Boolean`

Add default tables and chains to process NAT traffic.

Default value: `true`

##### <a name="-nftables--nat_table_name"></a>`nat_table_name`

Data type: `String[1]`

The name of the 'nat' table.

Default value: `'nat'`

##### <a name="-nftables--purge_unmanaged_rules"></a>`purge_unmanaged_rules`

Data type: `Boolean`

Prohibits in-memory rules that are not declared in Puppet
code. Setting this to true activates a check that reloads nftables
if the rules in memory have been modified without Puppet.

Default value: `false`

##### <a name="-nftables--inmem_rules_hash_file"></a>`inmem_rules_hash_file`

Data type: `Stdlib::Unixpath`

The name of the file where the hash of the in-memory rules
will be stored.

Default value: `'/var/tmp/puppet-nft-memhash'`

##### <a name="-nftables--sets"></a>`sets`

Data type: `Hash`

Allows sourcing set definitions directly from Hiera.

Default value: `{}`

##### <a name="-nftables--log_prefix"></a>`log_prefix`

Data type: `String`

String that will be used as prefix when logging packets. It can contain
two variables using standard sprintf() string-formatting:
 * chain: Will be replaced by the name of the chain.
 * comment: Allows chains to add extra comments.

Default value: `'[nftables] %<chain>s %<comment>s'`

##### <a name="-nftables--log_discarded"></a>`log_discarded`

Data type: `Boolean`

Whether to log discarded packets.

Default value: `true`

##### <a name="-nftables--log_limit"></a>`log_limit`

Data type: `Variant[Boolean[false], String]`

String with the content of a limit statement to be applied
to the rules that log discarded traffic. Set to false to
disable rate limiting.

Default value: `'3/minute burst 5 packets'`

##### <a name="-nftables--reject_with"></a>`reject_with`

Data type: `Variant[Boolean[false], Pattern[/icmp(v6|x)? type .+|tcp reset/]]`

How to discard packets not matching any rule. If `false`, the
fate of the packet will be defined by the chain policy (normally
drop), otherwise the packet will be rejected with the REJECT_WITH
policy indicated by the value of this parameter.

Default value: `'icmpx type port-unreachable'`

##### <a name="-nftables--in_out_conntrack"></a>`in_out_conntrack`

Data type: `Boolean`

Adds INPUT and OUTPUT rules to allow traffic that's part of an
established connection and also to drop invalid packets.

Default value: `true`

##### <a name="-nftables--in_out_drop_invalid"></a>`in_out_drop_invalid`

Data type: `Boolean`

Drops invalid packets in INPUT and OUTPUT

Default value: `$in_out_conntrack`

##### <a name="-nftables--fwd_conntrack"></a>`fwd_conntrack`

Data type: `Boolean`

Adds FORWARD rules to allow traffic that's part of an
established connection and also to drop invalid packets.

Default value: `false`

##### <a name="-nftables--fwd_drop_invalid"></a>`fwd_drop_invalid`

Data type: `Boolean`

Drops invalid packets in FORWARD

Default value: `$fwd_conntrack`

##### <a name="-nftables--firewalld_enable"></a>`firewalld_enable`

Data type: `Variant[Boolean[false], Enum['mask']]`

Configures how the firewalld systemd service unit is enabled. It might be
useful to set this to false if you're externally removing firewalld from
the system completely.

Default value: `'mask'`

##### <a name="-nftables--noflush_tables"></a>`noflush_tables`

Data type: `Optional[Array[Pattern[/^(ip|ip6|inet|arp|bridge|netdev)-[-a-zA-Z0-9_]+$/],1]]`

If specified, only the other existing tables will be flushed.
If left unset, all tables will be flushed via a `flush ruleset`.

Default value: `undef`

##### <a name="-nftables--rules"></a>`rules`

Data type: `Hash`

Specify hashes of `nftables::rule`s via hiera

Default value: `{}`

##### <a name="-nftables--configuration_path"></a>`configuration_path`

Data type: `Stdlib::Unixpath`

The absolute path to the principal nftables configuration file. The default
varies depending on the system, and is set in the module's data.

##### <a name="-nftables--nft_path"></a>`nft_path`

Data type: `Stdlib::Unixpath`

Path to the nft binary

##### <a name="-nftables--echo"></a>`echo`

Data type: `Stdlib::Unixpath`

Path to the echo binary

##### <a name="-nftables--default_config_mode"></a>`default_config_mode`

Data type: `Stdlib::Filemode`

The default file & dir mode for configuration files and directories. The
default varies depending on the system, and is set in the module's data.

##### <a name="-nftables--clobber_default_config"></a>`clobber_default_config`

Data type: `Boolean`

Should the existing OS provided rules in the `configuration_path` be removed? If
they are not being removed this module will add all of its configuration to the end of
the existing rules.

Default value: `false`

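A fuller declaration of the `nftables` class than the two short examples above, added here as an illustration of how the documented parameters combine into a default-deny host policy; it is not taken from the module's generated reference. Only parameters documented in this section are used. The `content` key inside `rules` and the trailing `nftables::rule` resource are assumptions about that defined type (its parameters are not part of this excerpt), and `192.0.2.10` is a constructed documentation address.

```puppet
# Added example (not part of the generated REFERENCE.md): a default-deny
# host policy built from the `nftables` class parameters documented above.
class { 'nftables':
  # keep the egress allow-list explicit instead of opening everything;
  # out_all => true would make every other out_* parameter irrelevant
  out_all               => false,
  out_ntp               => true,
  out_dns               => true,
  out_http              => false,
  out_https             => true,
  out_icmp              => true,
  in_ssh                => true,
  in_icmp               => true,
  # no NAT tables or chains on a plain server host
  nat                   => false,
  # reload nftables if the in-memory ruleset was changed outside Puppet;
  # the hash of the live ruleset is kept in inmem_rules_hash_file
  purge_unmanaged_rules => true,
  inmem_rules_hash_file => '/var/tmp/puppet-nft-memhash',
  # keep the evidence: log unmatched packets, rate limited
  log_discarded         => true,
  log_limit             => '3/minute burst 5 packets',
  log_prefix            => '[nftables] %<chain>s %<comment>s',
  # hand unmatched packets to the chain policy (normally drop) instead of
  # answering with an ICMP port-unreachable
  reject_with           => false,
  # leave fail2ban's table alone when the ruleset is reloaded
  noflush_tables        => ['inet-f2b-table'],
  # extra rules sourced from Hiera-style data; keys follow Nftables::RuleName
  # ('<chain>-<name>[-<number>]'). The 'content' key is assumed to be the raw
  # rule body accepted by nftables::rule (not documented in this excerpt).
  rules                 => {
    'default_in-https' => { 'content' => 'tcp dport 443 accept' },
  },
}

# A raw rule declared directly, using the same name convention; `content` is
# again the assumed rule-body parameter of nftables::rule. The destination
# address is a constructed documentation address (192.0.2.0/24).
nftables::rule { 'default_out-syslog_relay':
  content => 'ip daddr 192.0.2.10 udp dport 514 accept',
}
```

With `out_all` left at `false`, egress is limited to the `out_*` families switched on explicitly. `purge_unmanaged_rules` turns the stored ruleset hash into a drift check: a reload triggered by it means the live rules were edited behind Puppet's back, which is worth surfacing in monitoring rather than silently correcting. `reject_with => false` is the quieter choice for an exposed host; the default `'icmpx type port-unreachable'` gives a remote sender an explicit answer for every closed port.
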
### <a name="nftables--bridges"></a>`nftables::bridges`

allow forwarding traffic on bridges

#### Parameters

The following parameters are available in the `nftables::bridges` class:

* [`ensure`](#-nftables--bridges--ensure)
* [`bridgenames`](#-nftables--bridges--bridgenames)

##### <a name="-nftables--bridges--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`

##### <a name="-nftables--bridges--bridgenames"></a>`bridgenames`

Data type: `Regexp`

Default value: `/^br.+/`

### <a name="nftables--inet_filter"></a>`nftables::inet_filter`

manage basic chains in table inet filter

### <a name="nftables--inet_filter--fwd_conntrack"></a>`nftables::inet_filter::fwd_conntrack`

enable conntrack for fwd

### <a name="nftables--inet_filter--in_out_conntrack"></a>`nftables::inet_filter::in_out_conntrack`

manage input & output conntrack

### <a name="nftables--ip_nat"></a>`nftables::ip_nat`

manage basic chains in table ip nat

### <a name="nftables--rules--activemq"></a>`nftables::rules::activemq`

Provides input rules for Apache ActiveMQ

#### Parameters

The following parameters are available in the `nftables::rules::activemq` class:

* [`tcp`](#-nftables--rules--activemq--tcp)
* [`udp`](#-nftables--rules--activemq--udp)
* [`port`](#-nftables--rules--activemq--port)

##### <a name="-nftables--rules--activemq--tcp"></a>`tcp`

Data type: `Boolean`

Create the rule for TCP traffic.

Default value: `true`

##### <a name="-nftables--rules--activemq--udp"></a>`udp`

Data type: `Boolean`

Create the rule for UDP traffic.

Default value: `true`

##### <a name="-nftables--rules--activemq--port"></a>`port`

Data type: `Stdlib::Port`

The port number for the ActiveMQ daemon.

Default value: `61616`

### <a name="nftables--rules--afs3_callback"></a>`nftables::rules::afs3_callback`

Open call back port for AFS clients

#### Examples

##### allow call backs from particular hosts

```puppet
class{'nftables::rules::afs3_callback':
  saddr => ['192.168.0.0/16', '10.0.0.222']
}
```

#### Parameters

The following parameters are available in the `nftables::rules::afs3_callback` class:

* [`saddr`](#-nftables--rules--afs3_callback--saddr)

##### <a name="-nftables--rules--afs3_callback--saddr"></a>`saddr`

Data type: `Array[Stdlib::IP::Address::V4,1]`

list of source network ranges to a

Default value: `['0.0.0.0/0']`

### <a name="nftables--rules--ceph"></a>`nftables::rules::ceph`

Ceph is a distributed object store and file system.
Enable this to support Ceph's Object Storage Daemons (OSD),
Metadata Server Daemons (MDS), or Manager Daemons (MGR).

### <a name="nftables--rules--ceph_mon"></a>`nftables::rules::ceph_mon`

Ceph is a distributed object store and file system.
Enable this option to support Ceph's Monitor Daemon.

#### Parameters

The following parameters are available in the `nftables::rules::ceph_mon` class:

* [`ports`](#-nftables--rules--ceph_mon--ports)

##### <a name="-nftables--rules--ceph_mon--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

specify ports for ceph service

Default value: `[3300, 6789]`

### <a name="nftables--rules--dhcpv6_client"></a>`nftables::rules::dhcpv6_client`

allow DHCPv6 requests in to a host

### <a name="nftables--rules--dns"></a>`nftables::rules::dns`

manage in dns

#### Examples

##### Allow access to stub dns resolver from docker containers

```puppet
class { 'nftables::rules::dns':
  iifname => ['docker0'],
}
```

#### Parameters

The following parameters are available in the `nftables::rules::dns` class:

* [`ports`](#-nftables--rules--dns--ports)
* [`iifname`](#-nftables--rules--dns--iifname)

##### <a name="-nftables--rules--dns--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

Specify ports for dns.

Default value: `[53]`

##### <a name="-nftables--rules--dns--iifname"></a>`iifname`

Data type: `Optional[Array[String[1],1]]`

Specify input interface names.

Default value: `undef`

### <a name="nftables--rules--docker_ce"></a>`nftables::rules::docker_ce`

The configuration distributed in this class represents the default firewall
configuration done by docker-ce when the iptables integration is enabled.

This class is needed as the default docker-ce rules added to ip-filter conflict
with the inet-filter forward rules set by default in this module.

When using this class 'docker::iptables: false' should be set.

#### Parameters

The following parameters are available in the `nftables::rules::docker_ce` class:

* [`docker_interface`](#-nftables--rules--docker_ce--docker_interface)
* [`docker_prefix`](#-nftables--rules--docker_ce--docker_prefix)
* [`manage_docker_chains`](#-nftables--rules--docker_ce--manage_docker_chains)
* [`manage_base_chains`](#-nftables--rules--docker_ce--manage_base_chains)

##### <a name="-nftables--rules--docker_ce--docker_interface"></a>`docker_interface`

Data type: `String[1]`

Interface name used by docker.

Default value: `'docker0'`

##### <a name="-nftables--rules--docker_ce--docker_prefix"></a>`docker_prefix`

Data type: `Stdlib::IP::Address::V4::CIDR`

The address space used by docker.

Default value: `'172.17.0.0/16'`

##### <a name="-nftables--rules--docker_ce--manage_docker_chains"></a>`manage_docker_chains`

Data type: `Boolean`

Flag to control whether the class should create the docker related chains.

Default value: `true`

##### <a name="-nftables--rules--docker_ce--manage_base_chains"></a>`manage_base_chains`

Data type: `Boolean`

Flag to control whether the class should create the base common chains.

Default value: `true`

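The pairing the `nftables::rules::docker_ce` description calls for, written out as an added example (not from the module's reference): Docker's own iptables programming is switched off and this class supplies the equivalent rules inside the module's inet filter. Turning `docker::iptables` off is shown in manifest form through the `docker` class of puppetlabs-docker; that the module is in use is an assumption, and the Hiera key quoted above does the same job in data.

```puppet
# Added example (not part of the generated REFERENCE.md).
# 1. Stop dockerd from writing its own ip-filter rules. This is the manifest
#    form of the Hiera key 'docker::iptables: false' named above, assuming
#    the puppetlabs-docker `docker` class manages the daemon.
class { 'docker':
  iptables => false,
}

# 2. Let this module carry Docker's default rules instead. The values below
#    are the documented defaults for the default bridge; if dockerd is
#    configured with a different bridge name or address pool, both must be
#    changed together or container traffic will match neither rule set.
class { 'nftables::rules::docker_ce':
  docker_interface     => 'docker0',
  docker_prefix        => '172.17.0.0/16',
  manage_docker_chains => true,
  manage_base_chains   => true,
}
```

Keeping a single writer for the ruleset is the point: with both dockerd and this module programming the kernel, the ip-filter rules dockerd installs and the inet-filter forward rules this module installs disagree, and which one wins depends on reload order rather than policy.
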
665 baad986e Vadym Chepkov
### <a name="nftables--rules--ftp"></a>`nftables::rules::ftp`

manage in ftp (with conntrack helper)

#### Parameters

The following parameters are available in the `nftables::rules::ftp` class:

* [`enable_passive`](#-nftables--rules--ftp--enable_passive)
* [`passive_ports`](#-nftables--rules--ftp--passive_ports)

##### <a name="-nftables--rules--ftp--enable_passive"></a>`enable_passive`

Data type: `Boolean`

Enable FTP passive mode support

Default value: `true`

##### <a name="-nftables--rules--ftp--passive_ports"></a>`passive_ports`

Data type: `Nftables::Port::Range`

Set the FTP passive mode port range

Default value: `'10090-10100'`

### <a name="nftables--rules--http"></a>`nftables::rules::http`

manage in http

### <a name="nftables--rules--https"></a>`nftables::rules::https`

manage in https

### <a name="nftables--rules--icinga2"></a>`nftables::rules::icinga2`

manage in icinga2

#### Parameters

The following parameters are available in the `nftables::rules::icinga2` class:

* [`ports`](#-nftables--rules--icinga2--ports)

##### <a name="-nftables--rules--icinga2--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

Specify ports for icinga2

Default value: `[5665]`

### <a name="nftables--rules--icmp"></a>`nftables::rules::icmp`

allows incoming ICMP

#### Parameters

The following parameters are available in the `nftables::rules::icmp` class:

* [`v4_types`](#-nftables--rules--icmp--v4_types)
* [`v6_types`](#-nftables--rules--icmp--v6_types)
* [`order`](#-nftables--rules--icmp--order)

##### <a name="-nftables--rules--icmp--v4_types"></a>`v4_types`

Data type: `Optional[Array[String]]`

ICMP v4 types that should be allowed

Default value: `undef`

##### <a name="-nftables--rules--icmp--v6_types"></a>`v6_types`

Data type: `Optional[Array[String]]`

ICMP v6 types that should be allowed

Default value: `undef`

##### <a name="-nftables--rules--icmp--order"></a>`order`

Data type: `String`

the ordering of the rules

Default value: `'10'`

### <a name="nftables--rules--igmp"></a>`nftables::rules::igmp`

allow incoming IGMP messages

### <a name="nftables--rules--ldap"></a>`nftables::rules::ldap`

manage in ldap

#### Parameters

The following parameters are available in the `nftables::rules::ldap` class:

* [`ports`](#-nftables--rules--ldap--ports)

##### <a name="-nftables--rules--ldap--ports"></a>`ports`

Data type: `Array[Integer,1]`

ldap server ports

Default value: `[389, 636]`

### <a name="nftables--rules--llmnr"></a>`nftables::rules::llmnr`

allow incoming Link-Local Multicast Name Resolution

* **See also**
  * https://datatracker.ietf.org/doc/html/rfc4795

#### Parameters

The following parameters are available in the `nftables::rules::llmnr` class:

* [`ipv4`](#-nftables--rules--llmnr--ipv4)
* [`ipv6`](#-nftables--rules--llmnr--ipv6)
* [`iifname`](#-nftables--rules--llmnr--iifname)

##### <a name="-nftables--rules--llmnr--ipv4"></a>`ipv4`

Data type: `Boolean`

Allow LLMNR over IPv4

Default value: `true`

##### <a name="-nftables--rules--llmnr--ipv6"></a>`ipv6`

Data type: `Boolean`

Allow LLMNR over IPv6

Default value: `true`

##### <a name="-nftables--rules--llmnr--iifname"></a>`iifname`

Data type: `Array[String[1]]`

optional list of incoming interfaces to filter on

Default value: `[]`

### <a name="nftables--rules--mdns"></a>`nftables::rules::mdns`

allow incoming multicast DNS

#### Parameters

The following parameters are available in the `nftables::rules::mdns` class:

* [`ipv4`](#-nftables--rules--mdns--ipv4)
* [`ipv6`](#-nftables--rules--mdns--ipv6)
* [`iifname`](#-nftables--rules--mdns--iifname)

##### <a name="-nftables--rules--mdns--ipv4"></a>`ipv4`

Data type: `Boolean`

Allow mdns over IPv4

Default value: `true`

##### <a name="-nftables--rules--mdns--ipv6"></a>`ipv6`

Data type: `Boolean`

Allow mdns over IPv6

Default value: `true`

##### <a name="-nftables--rules--mdns--iifname"></a>`iifname`

Data type: `Array[String[1]]`

names of incoming interfaces to filter on

Default value: `[]`

### <a name="nftables--rules--multicast"></a>`nftables::rules::multicast`

allow incoming multicast traffic

### <a name="nftables--rules--nfs"></a>`nftables::rules::nfs`

manage in nfs4

### <a name="nftables--rules--nfs3"></a>`nftables::rules::nfs3`

manage in nfs3

### <a name="nftables--rules--node_exporter"></a>`nftables::rules::node_exporter`

manage in node exporter

#### Parameters

The following parameters are available in the `nftables::rules::node_exporter` class:

* [`prometheus_server`](#-nftables--rules--node_exporter--prometheus_server)
* [`port`](#-nftables--rules--node_exporter--port)

##### <a name="-nftables--rules--node_exporter--prometheus_server"></a>`prometheus_server`

Data type: `Optional[Variant[String,Array[String,1]]]`

Specify server name

Default value: `undef`

##### <a name="-nftables--rules--node_exporter--port"></a>`port`

Data type: `Stdlib::Port`

Specify port to open

Default value: `9100`

### <a name="nftables--rules--ospf"></a>`nftables::rules::ospf`

manage in ospf

### <a name="nftables--rules--ospf3"></a>`nftables::rules::ospf3`

manage in ospf3

#### Parameters

The following parameters are available in the `nftables::rules::ospf3` class:

* [`iifname`](#-nftables--rules--ospf3--iifname)

##### <a name="-nftables--rules--ospf3--iifname"></a>`iifname`

Data type: `Array[String[1]]`

optional list of incoming interfaces to allow traffic

Default value: `[]`

### <a name="nftables--rules--out--active_directory"></a>`nftables::rules::out::active_directory`

manage outgoing active directory

#### Parameters

The following parameters are available in the `nftables::rules::out::active_directory` class:

* [`adserver`](#-nftables--rules--out--active_directory--adserver)
* [`adserver_ports`](#-nftables--rules--out--active_directory--adserver_ports)

##### <a name="-nftables--rules--out--active_directory--adserver"></a>`adserver`

Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`

adserver IPs

##### <a name="-nftables--rules--out--active_directory--adserver_ports"></a>`adserver_ports`

Data type: `Array[Stdlib::Port,1]`

adserver ports

Default value: `[389, 636, 3268, 3269]`

### <a name="nftables--rules--out--all"></a>`nftables::rules::out::all`

allow all outbound

### <a name="nftables--rules--out--ceph_client"></a>`nftables::rules::out::ceph_client`

Ceph is a distributed object store and file system.
Enable this to be a client of Ceph's Monitor (MON),
Object Storage Daemons (OSD), Metadata Server Daemons (MDS),
and Manager Daemons (MGR).

#### Parameters

The following parameters are available in the `nftables::rules::out::ceph_client` class:

* [`ports`](#-nftables--rules--out--ceph_client--ports)

##### <a name="-nftables--rules--out--ceph_client--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

Specify ports to open

Default value: `[3300, 6789]`

### <a name="nftables--rules--out--chrony"></a>`nftables::rules::out::chrony`

manage out chrony

#### Parameters

The following parameters are available in the `nftables::rules::out::chrony` class:

* [`servers`](#-nftables--rules--out--chrony--servers)

##### <a name="-nftables--rules--out--chrony--servers"></a>`servers`

Data type: `Array[Stdlib::IP::Address]`

single IP address or array of IP addresses of the NTP servers

Default value: `[]`

### <a name="nftables--rules--out--dhcp"></a>`nftables::rules::out::dhcp`

manage out dhcp

### <a name="nftables--rules--out--dhcpv6_client"></a>`nftables::rules::out::dhcpv6_client`

Allow DHCPv6 requests out of a host

### <a name="nftables--rules--out--dns"></a>`nftables::rules::out::dns`

manage out dns

#### Parameters

The following parameters are available in the `nftables::rules::out::dns` class:

* [`dns_server`](#-nftables--rules--out--dns--dns_server)

##### <a name="-nftables--rules--out--dns--dns_server"></a>`dns_server`

Data type: `Array[Stdlib::IP::Address]`

specify dns_server name

Default value: `[]`

### <a name="nftables--rules--out--hkp"></a>`nftables::rules::out::hkp`

allow outgoing hkp connections to gpg keyservers

### <a name="nftables--rules--out--http"></a>`nftables::rules::out::http`

manage out http

### <a name="nftables--rules--out--https"></a>`nftables::rules::out::https`

manage out https

### <a name="nftables--rules--out--icinga2"></a>`nftables::rules::out::icinga2`

allow outgoing icinga2

#### Parameters

The following parameters are available in the `nftables::rules::out::icinga2` class:

* [`ports`](#-nftables--rules--out--icinga2--ports)

##### <a name="-nftables--rules--out--icinga2--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

icinga2 ports

Default value: `[5665]`

### <a name="nftables--rules--out--icmp"></a>`nftables::rules::out::icmp`

control outbound ICMP packets

#### Parameters

The following parameters are available in the `nftables::rules::out::icmp` class:

* [`v4_types`](#-nftables--rules--out--icmp--v4_types)
* [`v6_types`](#-nftables--rules--out--icmp--v6_types)
* [`order`](#-nftables--rules--out--icmp--order)

##### <a name="-nftables--rules--out--icmp--v4_types"></a>`v4_types`

Data type: `Optional[Array[String]]`

ICMP v4 types that should be allowed

Default value: `undef`

##### <a name="-nftables--rules--out--icmp--v6_types"></a>`v6_types`

Data type: `Optional[Array[String]]`

ICMP v6 types that should be allowed

Default value: `undef`

##### <a name="-nftables--rules--out--icmp--order"></a>`order`

Data type: `String`

the ordering of the rules

Default value: `'10'`

### <a name="nftables--rules--out--igmp"></a>`nftables::rules::out::igmp`

allow outgoing IGMP messages

### <a name="nftables--rules--out--imap"></a>`nftables::rules::out::imap`

allow outgoing imap

### <a name="nftables--rules--out--kerberos"></a>`nftables::rules::out::kerberos`

allows outbound access for kerberos

### <a name="nftables--rules--out--ldap"></a>`nftables::rules::out::ldap`

manage outgoing ldap

#### Parameters

The following parameters are available in the `nftables::rules::out::ldap` class:

* [`ldapserver`](#-nftables--rules--out--ldap--ldapserver)
* [`ldapserver_ports`](#-nftables--rules--out--ldap--ldapserver_ports)

##### <a name="-nftables--rules--out--ldap--ldapserver"></a>`ldapserver`

Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`

ldapserver IPs

##### <a name="-nftables--rules--out--ldap--ldapserver_ports"></a>`ldapserver_ports`

Data type: `Array[Stdlib::Port,1]`

ldapserver ports

Default value: `[389, 636]`

### <a name="nftables--rules--out--mdns"></a>`nftables::rules::out::mdns`

allow outgoing multicast DNS

#### Parameters

The following parameters are available in the `nftables::rules::out::mdns` class:

* [`ipv4`](#-nftables--rules--out--mdns--ipv4)
* [`ipv6`](#-nftables--rules--out--mdns--ipv6)
* [`oifname`](#-nftables--rules--out--mdns--oifname)

##### <a name="-nftables--rules--out--mdns--ipv4"></a>`ipv4`

Data type: `Boolean`

Allow mdns over IPv4

Default value: `true`

##### <a name="-nftables--rules--out--mdns--ipv6"></a>`ipv6`

Data type: `Boolean`

Allow mdns over IPv6

Default value: `true`

##### <a name="-nftables--rules--out--mdns--oifname"></a>`oifname`

Data type: `Array[String[1]]`

optional names of outgoing interfaces to filter on

Default value: `[]`

### <a name="nftables--rules--out--mldv2"></a>`nftables::rules::out::mldv2`

allow multicast listener requests

### <a name="nftables--rules--out--mysql"></a>`nftables::rules::out::mysql`

manage out mysql

### <a name="nftables--rules--out--nfs"></a>`nftables::rules::out::nfs`

manage out nfs

### <a name="nftables--rules--out--nfs3"></a>`nftables::rules::out::nfs3`

manage out nfs3

### <a name="nftables--rules--out--openafs_client"></a>`nftables::rules::out::openafs_client`

allows outbound access for afs clients

* 7000 - afs3-fileserver
* 7002 - afs3-ptserver
* 7003 - vlserver

* **See also**
  * https://wiki.openafs.org/devel/AFSServicePorts/
    * AFS Service Ports

#### Parameters

The following parameters are available in the `nftables::rules::out::openafs_client` class:

* [`ports`](#-nftables--rules--out--openafs_client--ports)

##### <a name="-nftables--rules--out--openafs_client--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

port numbers to use

Default value: `[7000, 7002, 7003]`

### <a name="nftables--rules--out--ospf"></a>`nftables::rules::out::ospf`

manage out ospf

### <a name="nftables--rules--out--ospf3"></a>`nftables::rules::out::ospf3`

manage out ospf3

#### Parameters

The following parameters are available in the `nftables::rules::out::ospf3` class:

* [`oifname`](#-nftables--rules--out--ospf3--oifname)

##### <a name="-nftables--rules--out--ospf3--oifname"></a>`oifname`

Data type: `Array[String[1]]`

optional list of outgoing interfaces to filter on

Default value: `[]`

### <a name="nftables--rules--out--pop3"></a>`nftables::rules::out::pop3`

allow outgoing pop3

### <a name="nftables--rules--out--postgres"></a>`nftables::rules::out::postgres`

manage out postgres

### <a name="nftables--rules--out--puppet"></a>`nftables::rules::out::puppet`

manage outgoing puppet

#### Parameters

The following parameters are available in the `nftables::rules::out::puppet` class:

* [`puppetserver`](#-nftables--rules--out--puppet--puppetserver)
* [`puppetserver_port`](#-nftables--rules--out--puppet--puppetserver_port)

##### <a name="-nftables--rules--out--puppet--puppetserver"></a>`puppetserver`

Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`

puppetserver hostname

##### <a name="-nftables--rules--out--puppet--puppetserver_port"></a>`puppetserver_port`

Data type: `Stdlib::Port`

puppetserver port

Default value: `8140`
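A profile that composes several of the `nftables::rules` classes documented on this page into a host whose egress is limited to the servers it actually depends on, rather than declaring `nftables::rules::out::all`. This is an added example, not code from the module or its documentation; the `profile::firewall` class name, every address and the port values are constructed placeholders, and it assumes the base `nftables` class is declared elsewhere in the catalog.

```puppet
# Added example (not part of the module): allow-listed egress for a managed node.
# All addresses below are constructed placeholders; adjust them to your site.
class profile::firewall (
  Array[Stdlib::IP::Address] $dns_servers  = ['10.0.0.53', '10.0.1.53'],
  Array[Stdlib::IP::Address] $ntp_servers  = ['10.0.0.123'],
  Stdlib::IP::Address        $puppetserver = '10.0.0.140',
  String                     $prometheus   = '10.0.0.90',
  Array[Stdlib::Port,1]      $ssh_ports    = [22],
) {
  # Assumed: `include nftables` happens in another profile.

  # Inbound: only the services this node exposes.
  class { 'nftables::rules::ssh':
    ports => $ssh_ports,
  }
  # prometheus_server is assumed to scope the exporter port to that source;
  # the reference only documents the parameter itself.
  class { 'nftables::rules::node_exporter':
    prometheus_server => $prometheus,
    port              => 9100,
  }

  # Outbound: named destinations only, no nftables::rules::out::all.
  class { 'nftables::rules::out::dns':
    dns_server => $dns_servers,
  }
  class { 'nftables::rules::out::chrony':
    servers => $ntp_servers,
  }
  class { 'nftables::rules::out::puppet':
    puppetserver      => $puppetserver,
    puppetserver_port => 8140,
  }
  # Package mirrors and similar are reached over HTTPS; no parameters on this class.
  include nftables::rules::out::https
}
```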

### <a name="nftables--rules--out--pxp_agent"></a>`nftables::rules::out::pxp_agent`

manage outgoing pxp-agent

* **See also**
  * take a look at nftables::rules::out::puppet, because the PXP agent also connects to a Puppetserver

#### Parameters

The following parameters are available in the `nftables::rules::out::pxp_agent` class:

* [`broker`](#-nftables--rules--out--pxp_agent--broker)
* [`broker_port`](#-nftables--rules--out--pxp_agent--broker_port)

##### <a name="-nftables--rules--out--pxp_agent--broker"></a>`broker`

Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`

PXP broker IP(s)

##### <a name="-nftables--rules--out--pxp_agent--broker_port"></a>`broker_port`

Data type: `Stdlib::Port`

PXP broker port

Default value: `8142`

### <a name="nftables--rules--out--smtp"></a>`nftables::rules::out::smtp`

allow outgoing smtp

### <a name="nftables--rules--out--smtp_client"></a>`nftables::rules::out::smtp_client`

allow outgoing smtp client

### <a name="nftables--rules--out--ssdp"></a>`nftables::rules::out::ssdp`

allow outgoing SSDP

* **See also**
  * https://datatracker.ietf.org/doc/html/draft-cai-ssdp-v1-03

#### Parameters

The following parameters are available in the `nftables::rules::out::ssdp` class:

* [`ipv4`](#-nftables--rules--out--ssdp--ipv4)
* [`ipv6`](#-nftables--rules--out--ssdp--ipv6)

##### <a name="-nftables--rules--out--ssdp--ipv4"></a>`ipv4`

Data type: `Boolean`

Allow SSDP over IPv4

Default value: `true`

##### <a name="-nftables--rules--out--ssdp--ipv6"></a>`ipv6`

Data type: `Boolean`

Allow SSDP over IPv6

Default value: `true`

### <a name="nftables--rules--out--ssh"></a>`nftables::rules::out::ssh`

manage out ssh

### <a name="nftables--rules--out--ssh--remove"></a>`nftables::rules::out::ssh::remove`

disable outgoing ssh

### <a name="nftables--rules--out--tor"></a>`nftables::rules::out::tor`

manage out tor

### <a name="nftables--rules--out--whois"></a>`nftables::rules::out::whois`

allow clients to query remote whois server

### <a name="nftables--rules--out--wireguard"></a>`nftables::rules::out::wireguard`

manage out wireguard

#### Parameters

The following parameters are available in the `nftables::rules::out::wireguard` class:

* [`ports`](#-nftables--rules--out--wireguard--ports)

##### <a name="-nftables--rules--out--wireguard--ports"></a>`ports`

Data type: `Array[Integer,1]`

specify wireguard ports

Default value: `[51820]`

### <a name="nftables--rules--podman"></a>`nftables::rules::podman`

Rules for Podman, a tool for managing OCI containers and pods.
This class defines additional forwarding rules to let root containers
reach external networks when using Netavark (since v4.0) or CNI (deprecated).
At the time of writing, Podman supports automatic configuration
of firewall rules with iptables and firewalld only.

### <a name="nftables--rules--puppet"></a>`nftables::rules::puppet`

manage in puppet

#### Parameters

The following parameters are available in the `nftables::rules::puppet` class:

* [`ports`](#-nftables--rules--puppet--ports)

##### <a name="-nftables--rules--puppet--ports"></a>`ports`

Data type: `Array[Integer,1]`

puppet server ports

Default value: `[8140]`

### <a name="nftables--rules--pxp_agent"></a>`nftables::rules::pxp_agent`

manage in pxp-agent

#### Parameters

The following parameters are available in the `nftables::rules::pxp_agent` class:

* [`ports`](#-nftables--rules--pxp_agent--ports)

##### <a name="-nftables--rules--pxp_agent--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

pxp server ports

Default value: `[8142]`

### <a name="nftables--rules--qemu"></a>`nftables::rules::qemu`

This class configures the typical firewall setup that libvirt creates.
Depending on your requirements you can switch several aspects on and off:
for instance, if you don't serve DHCP to your guests you can disable the
rules that accept DHCP traffic on the host, or if you don't want your guests
to talk to hosts outside you can disable forwarding and/or masquerading for
IPv4 traffic.

#### Parameters

The following parameters are available in the `nftables::rules::qemu` class:

* [`interface`](#-nftables--rules--qemu--interface)
* [`network_v4`](#-nftables--rules--qemu--network_v4)
* [`network_v6`](#-nftables--rules--qemu--network_v6)
* [`dns`](#-nftables--rules--qemu--dns)
* [`dhcpv4`](#-nftables--rules--qemu--dhcpv4)
* [`forward_traffic`](#-nftables--rules--qemu--forward_traffic)
* [`internal_traffic`](#-nftables--rules--qemu--internal_traffic)
* [`masquerade`](#-nftables--rules--qemu--masquerade)

##### <a name="-nftables--rules--qemu--interface"></a>`interface`

Data type: `String[1]`

Interface name used by the bridge.

Default value: `'virbr0'`

##### <a name="-nftables--rules--qemu--network_v4"></a>`network_v4`

Data type: `Stdlib::IP::Address::V4::CIDR`

The IPv4 network prefix used in the virtual network.

Default value: `'192.168.122.0/24'`

##### <a name="-nftables--rules--qemu--network_v6"></a>`network_v6`

Data type: `Optional[Stdlib::IP::Address::V6::CIDR]`

The IPv6 network prefix used in the virtual network.

Default value: `undef`

##### <a name="-nftables--rules--qemu--dns"></a>`dns`

Data type: `Boolean`

Allow DNS traffic from the guests to the host.

Default value: `true`

##### <a name="-nftables--rules--qemu--dhcpv4"></a>`dhcpv4`

Data type: `Boolean`

Allow DHCPv4 traffic from the guests to the host.

Default value: `true`

##### <a name="-nftables--rules--qemu--forward_traffic"></a>`forward_traffic`

Data type: `Boolean`

Allow forwarded traffic (out all, in related/established)
generated by the virtual network.

Default value: `true`

##### <a name="-nftables--rules--qemu--internal_traffic"></a>`internal_traffic`

Data type: `Boolean`

Allow guests in the virtual network to talk to each other.

Default value: `true`

##### <a name="-nftables--rules--qemu--masquerade"></a>`masquerade`

Data type: `Boolean`

Do NAT masquerade on all IPv4 traffic generated by guests
to external networks.

Default value: `true`
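The libvirt defaults reproduced by `nftables::rules::qemu` forward and masquerade guest traffic to the outside world. The declaration below keeps the host-side services the guests need (DNS, DHCP, guest-to-guest traffic) but turns off forwarding and NAT so the virtual network stays isolated, which is what you want for a lab that runs untrusted images. This is an added example, not code from the module or its documentation; the `profile::libvirt_isolated` name, bridge name and prefix are constructed placeholders, and the base `nftables` class is assumed to be declared elsewhere.

```puppet
# Added example (not part of the module): an isolated libvirt guest network.
# 'virbr1' and 192.168.200.0/24 are constructed placeholders.
class profile::libvirt_isolated {
  # Assumed: `include nftables` happens in another profile.
  class { 'nftables::rules::qemu':
    interface        => 'virbr1',
    network_v4       => '192.168.200.0/24',
    dns              => true,   # guests may still resolve names via the host
    dhcpv4           => true,   # and obtain their leases from the host
    internal_traffic => true,   # guests may talk to each other on the bridge
    forward_traffic  => false,  # nothing is forwarded off the bridge
    masquerade       => false,  # and no SNAT rule hides guest addresses
  }
}
```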
1473 cd2a3cbf Nacho Barrientos
1474 53aa1fa8 Tim Meusel
### <a name="nftables--rules--rsync"></a>`nftables::rules::rsync`
1475
1476
allow rsync connections
1477
1478 c24d3118 Tim Meusel
### <a name="nftables--rules--samba"></a>`nftables::rules::samba`
1479 19908f41 mh
1480
manage Samba, the suite to allow Windows file sharing on Linux resources.
1481
1482
#### Parameters
1483
1484
The following parameters are available in the `nftables::rules::samba` class:
1485
1486 c24d3118 Tim Meusel
* [`ctdb`](#-nftables--rules--samba--ctdb)
1487 64404839 Tim Meusel
* [`action`](#-nftables--rules--samba--action)
1488 19908f41 mh
1489 c24d3118 Tim Meusel
##### <a name="-nftables--rules--samba--ctdb"></a>`ctdb`
1490 19908f41 mh
1491
Data type: `Boolean`
1492
1493 64404839 Tim Meusel
Enable ctdb-driven clustered Samba setups
1494 19908f41 mh
1495 c24d3118 Tim Meusel
Default value: `false`
1496 19908f41 mh
1497 64404839 Tim Meusel
##### <a name="-nftables--rules--samba--action"></a>`action`
1498
1499
Data type: `Enum['accept', 'drop']`
1500
1501
if the traffic should be allowed or dropped
1502
1503
Default value: `'accept'`
1504
1505 c24d3118 Tim Meusel
### <a name="nftables--rules--smtp"></a>`nftables::rules::smtp`
1506 e17693e3 Steve Traylen
1507
manage in smtp
1508
1509 c24d3118 Tim Meusel
### <a name="nftables--rules--smtp_submission"></a>`nftables::rules::smtp_submission`
1510 e17693e3 Steve Traylen
1511
manage in smtp submission
1512
1513 c24d3118 Tim Meusel
### <a name="nftables--rules--smtps"></a>`nftables::rules::smtps`
1514 e17693e3 Steve Traylen
1515
manage in smtps
1516
1517 8b131276 Tim Meusel
### <a name="nftables--rules--spotify"></a>`nftables::rules::spotify`
1518
1519
allow incoming spotify
1520
1521 50a5be8b Tim Meusel
### <a name="nftables--rules--ssdp"></a>`nftables::rules::ssdp`
1522
1523
allow incoming SSDP
1524
1525
* **See also**
1526
  * https://datatracker.ietf.org/doc/html/draft-cai-ssdp-v1-03
1527
1528
#### Parameters
1529
1530
The following parameters are available in the `nftables::rules::ssdp` class:
1531
1532
* [`ipv4`](#-nftables--rules--ssdp--ipv4)
1533
* [`ipv6`](#-nftables--rules--ssdp--ipv6)
1534
1535
##### <a name="-nftables--rules--ssdp--ipv4"></a>`ipv4`
1536
1537
Data type: `Boolean`
1538
1539
Allow SSDP over IPv4
1540
1541
Default value: `true`
1542
1543
##### <a name="-nftables--rules--ssdp--ipv6"></a>`ipv6`
1544
1545
Data type: `Boolean`
1546
1547
Allow SSDP over IPv6
1548
1549
Default value: `true`
1550
### <a name="nftables--rules--ssh"></a>`nftables::rules::ssh`

manage in ssh

#### Parameters

The following parameters are available in the `nftables::rules::ssh` class:

* [`ports`](#-nftables--rules--ssh--ports)

##### <a name="-nftables--rules--ssh--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

ssh ports

Default value: `[22]`

### <a name="nftables--rules--tor"></a>`nftables::rules::tor`

manage in tor

#### Parameters

The following parameters are available in the `nftables::rules::tor` class:

* [`ports`](#-nftables--rules--tor--ports)

##### <a name="-nftables--rules--tor--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

ports for tor

Default value: `[9001]`

### <a name="nftables--rules--wireguard"></a>`nftables::rules::wireguard`

manage in wireguard

#### Parameters

The following parameters are available in the `nftables::rules::wireguard` class:

* [`ports`](#-nftables--rules--wireguard--ports)

##### <a name="-nftables--rules--wireguard--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

wireguard ports

Default value: `[51820]`

### <a name="nftables--rules--wsd"></a>`nftables::rules::wsd`

allow incoming webservice discovery

* **See also**
  * https://docs.oasis-open.org/ws-dd/ns/discovery/2009/01

#### Parameters

The following parameters are available in the `nftables::rules::wsd` class:

* [`ipv4`](#-nftables--rules--wsd--ipv4)
* [`ipv6`](#-nftables--rules--wsd--ipv6)

##### <a name="-nftables--rules--wsd--ipv4"></a>`ipv4`

Data type: `Boolean`

Allow ws-discovery over IPv4

Default value: `true`

##### <a name="-nftables--rules--wsd--ipv6"></a>`ipv6`

Data type: `Boolean`

Allow ws-discovery over IPv6

Default value: `true`

### <a name="nftables--services--dhcpv6_client"></a>`nftables::services::dhcpv6_client`

Allow inbound and outbound traffic for DHCPv6 server

### <a name="nftables--services--openafs_client"></a>`nftables::services::openafs_client`

Open inbound and outbound ports for an AFS client

## Defined types

### <a name="nftables--chain"></a>`nftables::chain`

manage a chain

#### Parameters

The following parameters are available in the `nftables::chain` defined type:

* [`table`](#-nftables--chain--table)
* [`chain`](#-nftables--chain--chain)
* [`inject`](#-nftables--chain--inject)
* [`inject_iif`](#-nftables--chain--inject_iif)
* [`inject_oif`](#-nftables--chain--inject_oif)

##### <a name="-nftables--chain--table"></a>`table`

Data type: `Pattern[/^(ip|ip6|inet|netdev|bridge)-[a-zA-Z0-9_]+$/]`

Default value: `'inet-filter'`

##### <a name="-nftables--chain--chain"></a>`chain`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### <a name="-nftables--chain--inject"></a>`inject`

Data type: `Optional[Pattern[/^\d\d-[a-zA-Z0-9_]+$/]]`

Default value: `undef`

##### <a name="-nftables--chain--inject_iif"></a>`inject_iif`

Data type: `Optional[String]`

Default value: `undef`

##### <a name="-nftables--chain--inject_oif"></a>`inject_oif`

Data type: `Optional[String]`

Default value: `undef`

### <a name="nftables--config"></a>`nftables::config`

manage a config snippet

#### Parameters

The following parameters are available in the `nftables::config` defined type:

* [`tablespec`](#-nftables--config--tablespec)
* [`content`](#-nftables--config--content)
* [`source`](#-nftables--config--source)
* [`prefix`](#-nftables--config--prefix)

##### <a name="-nftables--config--tablespec"></a>`tablespec`

Data type: `Pattern[/^\w+-\w+$/]`

Default value: `$title`

##### <a name="-nftables--config--content"></a>`content`

Data type: `Optional[String]`

Default value: `undef`

##### <a name="-nftables--config--source"></a>`source`

Data type: `Optional[Variant[String,Array[String,1]]]`

Default value: `undef`

##### <a name="-nftables--config--prefix"></a>`prefix`

Data type: `String`

Default value: `'custom-'`

### <a name="nftables--file"></a>`nftables::file`

Insert a file into the nftables configuration

#### Examples

##### Include a file that includes other files

```puppet
nftables::file{'geoip':
  content => @(EOT),
    include "/var/local/geoipsets/dbip/nftset/ipv4/*.ipv4"
    include "/var/local/geoipsets/dbip/nftset/ipv6/*.ipv6"
    |EOT
}
```

#### Parameters

The following parameters are available in the `nftables::file` defined type:

* [`label`](#-nftables--file--label)
* [`content`](#-nftables--file--content)
* [`source`](#-nftables--file--source)
* [`prefix`](#-nftables--file--prefix)

##### <a name="-nftables--file--label"></a>`label`

Data type: `String[1]`

Unique name to include in filename.

Default value: `$title`

##### <a name="-nftables--file--content"></a>`content`

Data type: `Optional[String]`

The content to place in the file.

Default value: `undef`

##### <a name="-nftables--file--source"></a>`source`

Data type: `Optional[Variant[String,Array[String,1]]]`

A source to obtain the file content from.

Default value: `undef`

##### <a name="-nftables--file--prefix"></a>`prefix`

Data type: `String`

Prefix of the file name to be created; if left as `file-`, the file is
automatically included in the main nft configuration.

Default value: `'file-'`

### <a name="nftables--helper"></a>`nftables::helper`

manage a conntrack helper

#### Examples

##### FTP helper

```puppet
nftables::helper { 'ftp-standard':
  content => 'type "ftp" protocol tcp;',
}
```

#### Parameters

The following parameters are available in the `nftables::helper` defined type:

* [`content`](#-nftables--helper--content)
* [`table`](#-nftables--helper--table)
* [`helper`](#-nftables--helper--helper)

##### <a name="-nftables--helper--content"></a>`content`

Data type: `String`

Conntrack helper definition.

##### <a name="-nftables--helper--table"></a>`table`

Data type: `Pattern[/^(ip|ip6|inet)-[a-zA-Z0-9_]+$/]`

The name of the table to add this helper to.

Default value: `'inet-filter'`

##### <a name="-nftables--helper--helper"></a>`helper`

Data type: `Pattern[/^[a-zA-Z0-9_][A-z0-9_-]*$/]`

The symbolic name for the helper.

Default value: `$title`

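The FTP example above only declares the helper object. The following is an added example, not taken from the generated reference or from the module's own code, showing how the object is put to use with `nftables::rule` (documented below): the helper is attached only to traffic for the FTP control port rather than to every flow, and the data connections it tracks are accepted as related. The chain `default_in` is the one used in the `nftables::rule` examples; the rule names are constructed here.

```puppet
# Added example (not part of the generated reference). Conntrack helpers
# parse application payloads, so they are assigned explicitly to the one
# port that needs them instead of globally.
nftables::helper { 'ftp-standard':
  content => 'type "ftp" protocol tcp;',
}

# The helper object and the rule referencing it must live in the same
# table; both defined types default to 'inet-filter'. The ct helper set
# statement names the object declared above.
nftables::rule { 'default_in-ftp_helper':
  order   => '20',
  content => 'tcp dport 21 ct helper set "ftp-standard"',
}

# Accept the control channel itself ...
nftables::rule { 'default_in-ftp':
  order   => '21',
  content => 'tcp dport 21 accept',
}

# ... and only those related connections that the "ftp" helper expected,
# instead of every related flow (the match is on the kernel helper name).
nftables::rule { 'default_in-ftp_related':
  order   => '22',
  content => 'ct state related ct helper "ftp" accept',
}
```

The `order` values keep the assignment rule ahead of the accept rules; because `order` is a two-digit string, the rules are sorted lexically, so `'9'` would not be valid and `'100'` is rejected by the `Pattern[/^\d\d$/]` type.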
### <a name="nftables--rule"></a>`nftables::rule`

Provides an interface to create a firewall rule

#### Examples

##### add a rule named 'myhttp' to the 'default_in' chain to allow incoming traffic to TCP port 80

```puppet
nftables::rule {
  'default_in-myhttp':
    content => 'tcp dport 80 accept',
}
```

##### add a rule named 'count' to the 'PREROUTING6' chain in table 'ip6 nat' to count traffic

```puppet
nftables::rule {
  'PREROUTING6-count':
    content => 'counter',
    table   => 'ip6-nat'
}
```

##### Redirect port 443 to port 8443

```puppet
nftables::rule { 'PREROUTING-redirect':
  content => 'tcp dport 443 redirect to :8443',
  table   => 'ip-nat',
}
nftables::rule{'PREROUTING6-redirect':
  content => 'tcp dport 443 redirect to :8443',
  table   => 'ip6-nat',
}
```

#### Parameters

The following parameters are available in the `nftables::rule` defined type:

* [`ensure`](#-nftables--rule--ensure)
* [`rulename`](#-nftables--rule--rulename)
* [`order`](#-nftables--rule--order)
* [`table`](#-nftables--rule--table)
* [`content`](#-nftables--rule--content)
* [`source`](#-nftables--rule--source)

##### <a name="-nftables--rule--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Should the rule be created.

Default value: `'present'`

##### <a name="-nftables--rule--rulename"></a>`rulename`

Data type: `Nftables::RuleName`

The symbolic name for the rule and the chain to add it to. The
format is defined by the Nftables::RuleName type.

Default value: `$title`

##### <a name="-nftables--rule--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

A number representing the order of the rule.

Default value: `'50'`

##### <a name="-nftables--rule--table"></a>`table`

Data type: `String`

The name of the table to add this rule to.

Default value: `'inet-filter'`

##### <a name="-nftables--rule--content"></a>`content`

Data type: `Optional[String]`

The raw statements that compose the rule, written in the nftables
language.

Default value: `undef`

##### <a name="-nftables--rule--source"></a>`source`

Data type: `Optional[Variant[String,Array[String,1]]]`

Same goal as content, but sourcing the value from a file.

Default value: `undef`

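An added example, not taken from the generated reference, that combines `nftables::chain` (documented above) with `nftables::rule`: a dedicated chain for a management interface, reached from `default_in` through the chain's `inject` parameters. The chain name, the interface `mgmt0` and the network `10.10.0.0/24` are constructed; the behaviour of `inject` and `inject_iif` is inferred from their names and patterns (a `<order>-<chain>` jump restricted to an input interface), since the page gives no description for them.

```puppet
# Added example (not part of the generated reference). Assumption: a chain
# with inject => '20-default_in' and inject_iif => 'mgmt0' is entered from
# 'default_in' at order 20 for packets whose input interface is mgmt0.
nftables::chain { 'mgmt_in':
  table      => 'inet-filter',
  inject     => '20-default_in',
  inject_iif => 'mgmt0',
}

# Rules inside the new chain. The rule title encodes the target chain as
# '<chain>-<name>', as in the nftables::rule examples above.
nftables::rule { 'mgmt_in-ssh':
  order   => '10',
  content => 'ip saddr 10.10.0.0/24 tcp dport 22 accept',
}

# Everything else that arrived on mgmt0 is counted and dropped here, so the
# more general rules later in default_in never apply to that interface.
nftables::rule { 'mgmt_in-drop':
  order   => '90',
  content => 'counter drop',
}

# Removing a rule is an ensure => absent on the same title, not a deletion
# of the resource from the manifest.
nftables::rule { 'mgmt_in-legacy_telnet':
  ensure  => 'absent',
  content => 'tcp dport 23 accept',
}
```

The counter on the terminal `drop` gives a cheap signal in `nft list chain inet filter mgmt_in` that something other than SSH is reaching the management interface.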
### <a name="nftables--rules--dnat4"></a>`nftables::rules::dnat4`

manage an IPv4 DNAT rule

#### Parameters

The following parameters are available in the `nftables::rules::dnat4` defined type:

* [`daddr`](#-nftables--rules--dnat4--daddr)
* [`port`](#-nftables--rules--dnat4--port)
* [`rulename`](#-nftables--rules--dnat4--rulename)
* [`order`](#-nftables--rules--dnat4--order)
* [`chain`](#-nftables--rules--dnat4--chain)
* [`iif`](#-nftables--rules--dnat4--iif)
* [`proto`](#-nftables--rules--dnat4--proto)
* [`dport`](#-nftables--rules--dnat4--dport)
* [`ensure`](#-nftables--rules--dnat4--ensure)

##### <a name="-nftables--rules--dnat4--daddr"></a>`daddr`

Data type: `Pattern[/^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/]`

##### <a name="-nftables--rules--dnat4--port"></a>`port`

Data type: `Variant[String,Stdlib::Port]`

##### <a name="-nftables--rules--dnat4--rulename"></a>`rulename`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### <a name="-nftables--rules--dnat4--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

Default value: `'50'`

##### <a name="-nftables--rules--dnat4--chain"></a>`chain`

Data type: `String[1]`

Default value: `'default_fwd'`

##### <a name="-nftables--rules--dnat4--iif"></a>`iif`

Data type: `Optional[String[1]]`

Default value: `undef`

##### <a name="-nftables--rules--dnat4--proto"></a>`proto`

Data type: `Enum['tcp','udp']`

Default value: `'tcp'`

##### <a name="-nftables--rules--dnat4--dport"></a>`dport`

Data type: `Optional[Variant[String,Stdlib::Port]]`

Default value: `undef`

##### <a name="-nftables--rules--dnat4--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`

### <a name="nftables--rules--masquerade"></a>`nftables::rules::masquerade`

masquerade all outgoing traffic

#### Parameters

The following parameters are available in the `nftables::rules::masquerade` defined type:

* [`rulename`](#-nftables--rules--masquerade--rulename)
* [`order`](#-nftables--rules--masquerade--order)
* [`chain`](#-nftables--rules--masquerade--chain)
* [`oif`](#-nftables--rules--masquerade--oif)
* [`saddr`](#-nftables--rules--masquerade--saddr)
* [`daddr`](#-nftables--rules--masquerade--daddr)
* [`proto`](#-nftables--rules--masquerade--proto)
* [`dport`](#-nftables--rules--masquerade--dport)
* [`ensure`](#-nftables--rules--masquerade--ensure)

##### <a name="-nftables--rules--masquerade--rulename"></a>`rulename`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### <a name="-nftables--rules--masquerade--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

Default value: `'70'`

##### <a name="-nftables--rules--masquerade--chain"></a>`chain`

Data type: `String[1]`

Default value: `'POSTROUTING'`

##### <a name="-nftables--rules--masquerade--oif"></a>`oif`

Data type: `Optional[String[1]]`

Default value: `undef`

##### <a name="-nftables--rules--masquerade--saddr"></a>`saddr`

Data type: `Optional[String[1]]`

Default value: `undef`

##### <a name="-nftables--rules--masquerade--daddr"></a>`daddr`

Data type: `Optional[String[1]]`

Default value: `undef`

##### <a name="-nftables--rules--masquerade--proto"></a>`proto`

Data type: `Optional[Enum['tcp','udp']]`

Default value: `undef`

##### <a name="-nftables--rules--masquerade--dport"></a>`dport`

Data type: `Optional[Variant[String,Stdlib::Port]]`

Default value: `undef`

##### <a name="-nftables--rules--masquerade--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`

### <a name="nftables--rules--snat4"></a>`nftables::rules::snat4`

manage an IPv4 SNAT rule

#### Parameters

The following parameters are available in the `nftables::rules::snat4` defined type:

* [`snat`](#-nftables--rules--snat4--snat)
* [`rulename`](#-nftables--rules--snat4--rulename)
* [`order`](#-nftables--rules--snat4--order)
* [`chain`](#-nftables--rules--snat4--chain)
* [`oif`](#-nftables--rules--snat4--oif)
* [`saddr`](#-nftables--rules--snat4--saddr)
* [`proto`](#-nftables--rules--snat4--proto)
* [`dport`](#-nftables--rules--snat4--dport)
* [`ensure`](#-nftables--rules--snat4--ensure)

##### <a name="-nftables--rules--snat4--snat"></a>`snat`

Data type: `String[1]`

##### <a name="-nftables--rules--snat4--rulename"></a>`rulename`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### <a name="-nftables--rules--snat4--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

Default value: `'70'`

##### <a name="-nftables--rules--snat4--chain"></a>`chain`

Data type: `String[1]`

Default value: `'POSTROUTING'`

##### <a name="-nftables--rules--snat4--oif"></a>`oif`

Data type: `Optional[String[1]]`

Default value: `undef`

##### <a name="-nftables--rules--snat4--saddr"></a>`saddr`

Data type: `Optional[String[1]]`

Default value: `undef`

##### <a name="-nftables--rules--snat4--proto"></a>`proto`

Data type: `Optional[Enum['tcp','udp']]`

Default value: `undef`

##### <a name="-nftables--rules--snat4--dport"></a>`dport`

Data type: `Optional[Variant[String,Stdlib::Port]]`

Default value: `undef`

##### <a name="-nftables--rules--snat4--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`

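The three NAT defined types above (`nftables::rules::dnat4`, `nftables::rules::masquerade`, `nftables::rules::snat4`) carry no descriptions, so the following added example, not taken from the generated reference, puts them together on a small IPv4 gateway. The interface names `wan0` and `lan0`, the LAN `192.168.10.0/24` and the public address `203.0.113.25` are constructed; the semantics are assumed from the parameter names: `dnat4` rewrites traffic arriving on `iif` for `proto`/`dport` to `daddr:port` and allows the forwarded flow in `chain`, `masquerade` rewrites the source of traffic leaving `oif` to the interface address, and `snat4` does the same with the fixed address in `snat`.

```puppet
# Added example (not part of the generated reference). Assumed meaning of
# the parameters is described in the lead-in above.

# Inbound HTTPS on the WAN side is forwarded to a DMZ host on port 8443.
# daddr must be a plain dotted address (see its Pattern type); port and
# dport accept either a number or a string.
nftables::rules::dnat4 { 'web_to_dmz':
  iif   => 'wan0',
  proto => 'tcp',
  dport => 443,
  daddr => '192.168.10.80',
  port  => 8443,
}

# A mail host with its own public address gets a fixed source address.
# Its order is set below the masquerade rule's default of '70': both go into
# POSTROUTING, and 192.168.10.25 is inside the masqueraded /24, so with
# equal order the masquerade rule would win on name sort and this rule
# would never match.
nftables::rules::snat4 { 'mail_out':
  order => '60',
  oif   => 'wan0',
  saddr => '192.168.10.25',
  snat  => '203.0.113.25',
}

# Only LAN sources leaving the WAN interface are masqueraded. Leaving saddr
# and oif unset would apply source NAT to everything the box forwards,
# which is what the type's summary ("masquerade all outgoing traffic")
# describes.
nftables::rules::masquerade { 'lan_out':
  oif   => 'wan0',
  saddr => '192.168.10.0/24',
}
```

Because `order` is a two-digit string sorted lexically, the more specific SNAT rule needs an explicit lower value; relying on resource declaration order in the manifest has no effect on rule order.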
### <a name="nftables--set"></a>`nftables::set`

manage a named set

#### Examples

##### simple set

```puppet
nftables::set{'my_set':
  type       => 'ipv4_addr',
  flags      => ['interval'],
  elements   => ['192.168.0.1/24', '10.0.0.2'],
  auto_merge => true,
}
```

#### Parameters

The following parameters are available in the `nftables::set` defined type:

* [`ensure`](#-nftables--set--ensure)
* [`setname`](#-nftables--set--setname)
* [`order`](#-nftables--set--order)
* [`type`](#-nftables--set--type)
* [`table`](#-nftables--set--table)
* [`flags`](#-nftables--set--flags)
* [`timeout`](#-nftables--set--timeout)
* [`gc_interval`](#-nftables--set--gc_interval)
* [`elements`](#-nftables--set--elements)
* [`size`](#-nftables--set--size)
* [`policy`](#-nftables--set--policy)
* [`auto_merge`](#-nftables--set--auto_merge)
* [`content`](#-nftables--set--content)
* [`source`](#-nftables--set--source)

##### <a name="-nftables--set--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

should the set be created.

Default value: `'present'`

##### <a name="-nftables--set--setname"></a>`setname`

Data type: `Pattern[/^[-a-zA-Z0-9_]+$/]`

name of the set, equal to the title.

Default value: `$title`

##### <a name="-nftables--set--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

concat ordering.

Default value: `'10'`

##### <a name="-nftables--set--type"></a>`type`

Data type: `Optional[Enum['ipv4_addr', 'ipv6_addr', 'ether_addr', 'inet_proto', 'inet_service', 'mark']]`

type of set.

Default value: `undef`

##### <a name="-nftables--set--table"></a>`table`

Data type: `Variant[String, Array[String, 1]]`

table or array of tables to add the set to.

Default value: `'inet-filter'`

##### <a name="-nftables--set--flags"></a>`flags`

Data type: `Array[Enum['constant', 'dynamic', 'interval', 'timeout'], 0, 4]`

specify flags for set

Default value: `[]`

##### <a name="-nftables--set--timeout"></a>`timeout`

Data type: `Optional[Integer]`

timeout in seconds

Default value: `undef`

##### <a name="-nftables--set--gc_interval"></a>`gc_interval`

Data type: `Optional[Integer]`

garbage collection interval.

Default value: `undef`

##### <a name="-nftables--set--elements"></a>`elements`

Data type: `Optional[Array[String]]`

initialize the set with some elements in it.

Default value: `undef`

##### <a name="-nftables--set--size"></a>`size`

Data type: `Optional[Integer]`

limits the maximum number of elements of the set.

Default value: `undef`

##### <a name="-nftables--set--policy"></a>`policy`

Data type: `Optional[Enum['performance', 'memory']]`

determines set selection policy.

Default value: `undef`

##### <a name="-nftables--set--auto_merge"></a>`auto_merge`

Data type: `Boolean`

automatically merge adjacent/overlapping set elements (only valid for interval sets)

Default value: `false`

##### <a name="-nftables--set--content"></a>`content`

Data type: `Optional[String]`

specify content of set.

Default value: `undef`

##### <a name="-nftables--set--source"></a>`source`

Data type: `Optional[Variant[String,Array[String,1]]]`

specify source of set.

Default value: `undef`

### <a name="nftables--simplerule"></a>`nftables::simplerule`

Provides a simplified interface to nftables::rule

#### Examples

##### allow incoming traffic from port 541 on port 543 TCP to a given IP range and count packets

```puppet
nftables::simplerule{'my_service_in':
  action  => 'accept',
  comment => 'allow traffic to port 543',
  counter => true,
  proto   => 'tcp',
  dport   => 543,
  daddr   => '2001:1458::/32',
  sport   => 541,
}
```

#### Parameters

The following parameters are available in the `nftables::simplerule` defined type:

* [`ensure`](#-nftables--simplerule--ensure)
* [`rulename`](#-nftables--simplerule--rulename)
* [`order`](#-nftables--simplerule--order)
* [`chain`](#-nftables--simplerule--chain)
* [`table`](#-nftables--simplerule--table)
* [`action`](#-nftables--simplerule--action)
* [`comment`](#-nftables--simplerule--comment)
* [`dport`](#-nftables--simplerule--dport)
* [`proto`](#-nftables--simplerule--proto)
* [`daddr`](#-nftables--simplerule--daddr)
* [`set_type`](#-nftables--simplerule--set_type)
* [`sport`](#-nftables--simplerule--sport)
* [`saddr`](#-nftables--simplerule--saddr)
* [`counter`](#-nftables--simplerule--counter)
* [`iifname`](#-nftables--simplerule--iifname)
* [`oifname`](#-nftables--simplerule--oifname)

##### <a name="-nftables--simplerule--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Should the rule be created.

Default value: `'present'`

##### <a name="-nftables--simplerule--rulename"></a>`rulename`

Data type: `Nftables::SimpleRuleName`

The symbolic name for the rule to add. Defaults to the resource's title.

Default value: `$title`

##### <a name="-nftables--simplerule--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

A number representing the order of the rule.

Default value: `'50'`

##### <a name="-nftables--simplerule--chain"></a>`chain`

Data type: `String`

The name of the chain to add this rule to.

Default value: `'default_in'`

##### <a name="-nftables--simplerule--table"></a>`table`

Data type: `String`

The name of the table to add this rule to.

Default value: `'inet-filter'`

##### <a name="-nftables--simplerule--action"></a>`action`

Data type: `Enum['accept', 'continue', 'drop', 'queue', 'return']`

The verdict for the matched traffic.

Default value: `'accept'`

##### <a name="-nftables--simplerule--comment"></a>`comment`

Data type: `Optional[String]`

A typically human-readable comment for the rule.

Default value: `undef`

##### <a name="-nftables--simplerule--dport"></a>`dport`

Data type: `Optional[Nftables::Port]`

The destination port, ports or port range.

Default value: `undef`

##### <a name="-nftables--simplerule--proto"></a>`proto`

Data type: `Optional[Enum['tcp', 'tcp4', 'tcp6', 'udp', 'udp4', 'udp6']]`

The transport-layer protocol to match.

Default value: `undef`

##### <a name="-nftables--simplerule--daddr"></a>`daddr`

Data type: `Optional[Nftables::Addr]`

The destination address, CIDR or set to match.

Default value: `undef`

##### <a name="-nftables--simplerule--set_type"></a>`set_type`

Data type: `Enum['ip', 'ip6']`

When using sets as saddr or daddr, the type of the set.
Use `ip` for sets of type `ipv4_addr`.

Default value: `'ip6'`

##### <a name="-nftables--simplerule--sport"></a>`sport`

Data type: `Optional[Nftables::Port]`

The source port, ports or port range.

Default value: `undef`

##### <a name="-nftables--simplerule--saddr"></a>`saddr`

Data type: `Optional[Nftables::Addr]`

The source address, CIDR or set to match.

Default value: `undef`

##### <a name="-nftables--simplerule--counter"></a>`counter`

Data type: `Boolean`

Enable traffic counters for the matched traffic.

Default value: `false`

##### <a name="-nftables--simplerule--iifname"></a>`iifname`

Data type: `Variant[Array[String[1]],String[1]]`

Optional filter for the incoming interface

Default value: `[]`

##### <a name="-nftables--simplerule--oifname"></a>`oifname`

Data type: `Variant[Array[String[1]],String[1]]`

Optional filter for the outgoing interface

Default value: `[]`

2528 4d63adda Nacho Barrientos
## Data types
2529
2530 c24d3118 Tim Meusel
### <a name="Nftables--Addr"></a>`Nftables::Addr`
2531 4d63adda Nacho Barrientos
2532
Represents an address expression to be used within a rule.
2533
2534 9d02e9f8 Stéphanie Jaumotte
Alias of `Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Nftables::Addr::Set, Array[Stdlib::IP::Address::V6], Array[Stdlib::IP::Address::V4], Array[Nftables::Addr::Set]]`
2535 09cba182 Steve Traylen
2536 c24d3118 Tim Meusel
### <a name="Nftables--Addr--Set"></a>`Nftables::Addr::Set`
2537 4d63adda Nacho Barrientos
2538
Represents a set expression to be used within a rule.
2539
2540 c24d3118 Tim Meusel
Alias of `Pattern[/^@[-a-zA-Z0-9_]+$/]`
2541 4d63adda Nacho Barrientos
2542 c24d3118 Tim Meusel
### <a name="Nftables--Port"></a>`Nftables::Port`
2543 4d63adda Nacho Barrientos
2544
Represents a port expression to be used within a rule.
2545
2546 4acda787 Tim Skirvin
Alias of `Variant[Array[Variant[Nftables::Port::Range, Stdlib::Port], 1], Stdlib::Port, Nftables::Port::Range]`
2547 4d63adda Nacho Barrientos
2548 c24d3118 Tim Meusel
### <a name="Nftables--Port--Range"></a>`Nftables::Port::Range`
2549 4d63adda Nacho Barrientos
2550
Represents a port range expression to be used within a rule.
2551
2552 c24d3118 Tim Meusel
Alias of `Pattern[/^\d+-\d+$/]`
2553 4d63adda Nacho Barrientos
2554 c24d3118 Tim Meusel
### <a name="Nftables--RuleName"></a>`Nftables::RuleName`
2555 8c00b818 Nacho Barrientos
2556
Represents a rule name to be used in a raw rule created via nftables::rule.
2557
It's a dash separated string. The first component describes the chain to
2558
add the rule to, the second the rule name and the (optional) third a number.
2559
Ex: 'default_in-sshd', 'default_out-my_service-2'.
2560
2561 c24d3118 Tim Meusel
Alias of `Pattern[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]`
2562 09cba182 Steve Traylen
2563 c24d3118 Tim Meusel
### <a name="Nftables--SimpleRuleName"></a>`Nftables::SimpleRuleName`
2564 8c00b818 Nacho Barrientos
2565
Represents a simple rule name to be used in a rule created via nftables::simplerule
2566
2567 c24d3118 Tim Meusel
Alias of `Pattern[/^[a-zA-Z0-9_]+(-\d+)?$/]`
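The following manifest is an added usage example, not part of the generated reference or of the module's own code. It ties the `nftables::simplerule` parameters above (`proto`, `dport`, `saddr`, `daddr`, `set_type`, `iifname`, `counter`, `comment`) to the data types in this section: the resource titles match `Nftables::SimpleRuleName` and `Nftables::RuleName`, the `@`-prefixed set reference is an `Nftables::Addr::Set`, and the `'low-high'` port string is an `Nftables::Port::Range`. The `nftables::set` declaration and the `content` parameter of `nftables::rule` are assumed from the rest of the module and are not documented in this section; the set name, addresses, ports and interface name are constructed sample values.

```puppet
# Added example; not part of the generated reference.
# Assumption: nftables::set (from the same module, not documented in this
# section) creates the named set that the simple rule references below.
nftables::set { 'mgmt_hosts':
  type     => 'ipv4_addr',                  # IPv4 set, so set_type must be 'ip'
  elements => ['192.0.2.10', '192.0.2.11'], # constructed sample addresses
}

# Title matches Nftables::SimpleRuleName. The set is referenced by name
# with a leading '@' (Nftables::Addr::Set). set_type defaults to 'ip6',
# so an ipv4_addr set has to be declared explicitly with set_type => 'ip'.
nftables::simplerule { 'sshd_from_mgmt':
  action   => 'accept',
  proto    => 'tcp',
  dport    => 22,
  saddr    => '@mgmt_hosts',
  set_type => 'ip',
  iifname  => 'eth0',                       # constructed interface name
  counter  => true,                         # keeps a hit counter for audit
  comment  => 'ssh from management hosts',
}

# Nftables::Port accepts a non-empty list mixing single ports (integers)
# and 'low-high' ranges (Nftables::Port::Range strings). The '-2' suffix
# is the optional trailing number allowed by Nftables::SimpleRuleName.
nftables::simplerule { 'passive_ftp-2':
  proto => 'tcp',
  dport => [21, '49152-65534'],
  daddr => '203.0.113.5',                   # constructed sample address
}

# Raw rule: the title must match Nftables::RuleName, chain first, then the
# rule name, then an optional number. Assumption: 'content' is the raw
# nft expression parameter of nftables::rule (not documented in this section).
nftables::rule { 'default_in-node_exporter-1':
  content => 'tcp dport 9100 accept',
}
```

The rule names are validated against the `Pattern` aliases at catalog compile time, so a title such as `'sshd from mgmt'` (space) or `'default_in-sshd-extra'` (non-numeric third component) is rejected before anything reaches the host.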