Révision 79e9a23f
Move ICMP stuff to separate classes
| manifests/init.pp | ||
|---|---|---|
| 23 | 23 |
# @param out_https |
| 24 | 24 |
# Allow outbound to https servers. |
| 25 | 25 |
# |
| 26 |
# @param out_icmp |
|
| 27 |
# Allow outbound ICMPv4/v6 traffic. |
|
| 28 |
# |
|
| 26 | 29 |
# @param in_ssh |
| 27 | 30 |
# Allow inbound to ssh servers. |
| 28 | 31 |
# |
| 32 |
# @param in_icmp |
|
| 33 |
# Allow inbound ICMPv4/v6 traffic. |
|
| 34 |
# |
|
| 29 | 35 |
# @param log_prefix |
| 30 | 36 |
# String that will be used as prefix when logging packets. It can contain |
| 31 | 37 |
# two variables using standard sprintf() string-formatting: |
| ... | ... | |
| 44 | 50 |
# |
| 45 | 51 |
class nftables ( |
| 46 | 52 |
Boolean $in_ssh = true, |
| 53 |
Boolean $in_icmp = true, |
|
| 47 | 54 |
Boolean $out_ntp = true, |
| 48 | 55 |
Boolean $out_dns = true, |
| 49 | 56 |
Boolean $out_http = true, |
| 50 | 57 |
Boolean $out_https = true, |
| 58 |
Boolean $out_icmp = true, |
|
| 51 | 59 |
Boolean $out_all = false, |
| 52 | 60 |
Boolean $in_out_conntrack = true, |
| 53 | 61 |
Hash $rules = {},
|
Formats disponibles : Unified diff