Révision a8908f9c
Code formatting
| README.md | ||
|---|---|---|
| 11 | 11 |
outbound ICMP, DNS, NTP, HTTP, and HTTPS, and inbound ICMP and SSH |
| 12 | 12 |
traffic: |
| 13 | 13 |
|
| 14 |
include nftables |
|
| 14 |
```puppet |
|
| 15 |
include nftables |
|
| 16 |
``` |
|
| 15 | 17 |
|
| 16 | 18 |
This can be overridden using parameters, for example, this allows all |
| 17 | 19 |
outbound traffic: |
| 18 | 20 |
|
| 19 |
class { 'nftables':
|
|
| 20 |
out_all => true, |
|
| 21 |
} |
|
| 21 |
```puppet |
|
| 22 |
class { 'nftables':
|
|
| 23 |
out_all => true, |
|
| 24 |
} |
|
| 25 |
``` |
|
| 22 | 26 |
|
| 23 | 27 |
There are also pre-built rules for specific services, for example this |
| 24 | 28 |
will allow a web server to serve traffic over HTTPS: |
| 25 | 29 |
|
| 26 |
include nftables |
|
| 27 |
include nftables::rules::https |
|
| 30 |
```puppet |
|
| 31 |
include nftables |
|
| 32 |
include nftables::rules::https |
|
| 33 |
``` |
|
| 28 | 34 |
|
| 29 | 35 |
Note that the module conflicts with the `firewalld` system and will |
| 30 | 36 |
stop it in Puppet runs. |
Formats disponibles : Unified diff