Révision 70727742
Add a parameter to control the fate of discarded packets
| manifests/init.pp | ||
|---|---|---|
| 26 | 26 |
# @param in_ssh |
| 27 | 27 |
# Allow inbound to ssh servers. |
| 28 | 28 |
# |
| 29 |
# @param reject_with |
|
| 30 |
# How to discard packets not matching any rule. If `false`, the |
|
| 31 |
# fate of the packet will be defined by the chain policy (normally |
|
| 32 |
# drop), otherwise the packet will be rejected with the REJECT_WITH |
|
| 33 |
# policy indicated by the value of this parameter. |
|
| 34 |
# |
|
| 29 | 35 |
class nftables ( |
| 30 |
Boolean $in_ssh = true, |
|
| 31 |
Boolean $out_ntp = true, |
|
| 32 |
Boolean $out_dns = true, |
|
| 33 |
Boolean $out_http = true, |
|
| 34 |
Boolean $out_https = true, |
|
| 35 |
Boolean $out_all = false, |
|
| 36 |
Hash $rules = {},
|
|
| 37 |
String $log_prefix = '[nftables] %<chain>s Rejected: ', |
|
| 36 |
Boolean $in_ssh = true, |
|
| 37 |
Boolean $out_ntp = true, |
|
| 38 |
Boolean $out_dns = true, |
|
| 39 |
Boolean $out_http = true, |
|
| 40 |
Boolean $out_https = true, |
|
| 41 |
Boolean $out_all = false, |
|
| 42 |
Hash $rules = {},
|
|
| 43 |
String $log_prefix = '[nftables] %<chain>s Rejected: ', |
|
| 44 |
Variant[Boolean[false], Pattern[ |
|
| 45 |
/icmp(v6|x)? type .+|tcp reset/]] |
|
| 46 |
$reject_with = 'icmpx type port-unreachable', |
|
| 38 | 47 |
) {
|
| 39 | 48 |
|
| 40 | 49 |
package{'nftables':
|
Formats disponibles : Unified diff