Révision a9bbb10d
provide an option to disable logging rejected packets
| manifests/init.pp | ||
|---|---|---|
| 55 | 55 |
# * chain: Will be replaced by the name of the chain. |
| 56 | 56 |
# * comment: Allows chains to add extra comments. |
| 57 | 57 |
# |
| 58 |
# @param log_discarded |
|
| 59 |
# Allow to log discarded packets |
|
| 60 |
# |
|
| 58 | 61 |
# @param log_limit |
| 59 | 62 |
# String with the content of a limit statement to be applied |
| 60 | 63 |
# to the rules that log discarded traffic. Set to false to |
| ... | ... | |
| 121 | 124 |
Hash $sets = {},
|
| 122 | 125 |
String $log_prefix = '[nftables] %<chain>s %<comment>s', |
| 123 | 126 |
String[1] $nat_table_name = 'nat', |
| 127 |
Boolean $log_discarded = true, |
|
| 124 | 128 |
Variant[Boolean[false], String] $log_limit = '3/minute burst 5 packets', |
| 125 | 129 |
Variant[Boolean[false], Pattern[/icmp(v6|x)? type .+|tcp reset/]] $reject_with = 'icmpx type port-unreachable', |
| 126 | 130 |
Variant[Boolean[false], Enum['mask']] $firewalld_enable = 'mask', |
Formats disponibles : Unified diff