Revision 7b9d6ffc
Allow creating a totally empty firewall
By setting `nftables::inet_filter` and `nftables::nat` to `false`
users can now start off from a totally empty firewall and add the
tables, chains and rules they'd like.
The default skeleton for inet-filter, ip-nat and ip6-nat is kept
enabled by default.
Fixes #95.
README.md | ||
---|---|---|
47 | 47 |
INPUT and OUTPUT to the loopback device is allowed by |
48 | 48 |
default, though you could restrict it later. |
49 | 49 |
|
50 |
On the other hand, if you don't want any of the default tables, chains |
|
51 |
and rules created by the module, you can set `nftables::inet_filter` |
|
52 |
and/or `nftables::nat` to `false` and build your whole nftables |
|
53 |
configuration from scratch by using the building blocks provided by |
|
54 |
this module. Looking at `nftables::inet_filter` for inspiration might |
|
55 |
be a good idea. |
|
56 |
|
|
50 | 57 |
## Rules Validation |
51 | 58 |
|
52 | 59 |
Initially puppet deploys all configuration to |
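Review bot: the new paragraph at lines 50-55 should state what the firewall looks like when both `nftables::inet_filter` and `nftables::nat` are `false`. With none of the module's default tables and chains present there is no base chain and therefore no drop policy, so nothing is filtered until the user's own tables, chains and rules have been applied; a sentence such as "until you declare your own base chains with a drop policy, no traffic is filtered" would make that explicit for readers who opt out of the skeleton. It would also help to say that both parameters default to `true` (the commit message mentions this, the README text does not) and to name the building-block resources the reader is expected to use, rather than only pointing at `nftables::inet_filter` "for inspiration".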
Available formats: Unified diff