Révision b46c9ce9
Remove a blank separating the doc string and the code
Otherwise the generator of the docs does not do the job :/
| REFERENCE.md | ||
|---|---|---|
| 66 | 66 |
* [`nftables::rules::masquerade`](#nftablesrulesmasquerade): masquerade all outgoing traffic |
| 67 | 67 |
* [`nftables::rules::snat4`](#nftablesrulessnat4): manage a ipv4 snat rule |
| 68 | 68 |
* [`nftables::set`](#nftablesset): manage a named set |
| 69 |
* [`nftables::simplerule`](#nftablessimplerule) |
|
| 69 |
* [`nftables::simplerule`](#nftablessimplerule): Provides a simplified interface to nftables::rule
|
|
| 70 | 70 |
|
| 71 | 71 |
### Data types |
| 72 | 72 |
|
| ... | ... | |
| 1225 | 1225 |
|
| 1226 | 1226 |
### `nftables::simplerule` |
| 1227 | 1227 |
|
| 1228 |
The nftables::simplerule class.
|
|
| 1228 |
Provides a simplified interface to nftables::rule
|
|
| 1229 | 1229 |
|
| 1230 |
#### Parameters |
|
| 1231 |
|
|
| 1232 |
The following parameters are available in the `nftables::simplerule` defined type. |
|
| 1233 |
|
|
| 1234 |
##### `ensure` |
|
| 1230 |
#### Examples |
|
| 1235 | 1231 |
|
| 1236 |
Data type: `Enum['present','absent']`
|
|
| 1232 |
##### allow incoming traffic from port 541 on port 543 TCP to a given IP range and count packets
|
|
| 1237 | 1233 |
|
| 1234 |
```puppet |
|
| 1235 |
nftables::simplerule{'my_service_in':
|
|
| 1236 |
action => 'accept', |
|
| 1237 |
comment => 'allow traffic to port 543', |
|
| 1238 |
counter => true, |
|
| 1239 |
proto => 'tcp', |
|
| 1240 |
dport => 543, |
|
| 1241 |
daddr => '2001:1458::/32', |
|
| 1242 |
sport => 541, |
|
| 1243 |
} |
|
| 1244 |
``` |
|
| 1238 | 1245 |
|
| 1246 |
#### Parameters |
|
| 1239 | 1247 |
|
| 1240 |
Default value: `'present'`
|
|
| 1248 |
The following parameters are available in the `nftables::simplerule` defined type.
|
|
| 1241 | 1249 |
|
| 1242 | 1250 |
##### `rulename` |
| 1243 | 1251 |
|
| 1244 | 1252 |
Data type: `Pattern[/^[-a-zA-Z0-9_]+$/]` |
| 1245 | 1253 |
|
| 1246 |
|
|
| 1254 |
The symbolic name for the rule to add. Defaults to the resource's title. |
|
| 1247 | 1255 |
|
| 1248 | 1256 |
Default value: `$title` |
| 1249 | 1257 |
|
| ... | ... | |
| 1251 | 1259 |
|
| 1252 | 1260 |
Data type: `Pattern[/^\d\d$/]` |
| 1253 | 1261 |
|
| 1254 |
|
|
| 1262 |
A number representing the order of the rule. |
|
| 1255 | 1263 |
|
| 1256 | 1264 |
Default value: `'50'` |
| 1257 | 1265 |
|
| ... | ... | |
| 1259 | 1267 |
|
| 1260 | 1268 |
Data type: `String` |
| 1261 | 1269 |
|
| 1262 |
|
|
| 1270 |
The name of the chain to add this rule to. |
|
| 1263 | 1271 |
|
| 1264 | 1272 |
Default value: `'default_in'` |
| 1265 | 1273 |
|
| ... | ... | |
| 1267 | 1275 |
|
| 1268 | 1276 |
Data type: `String` |
| 1269 | 1277 |
|
| 1270 |
|
|
| 1278 |
The name of the table to add this rule to. |
|
| 1271 | 1279 |
|
| 1272 | 1280 |
Default value: `'inet-filter'` |
| 1273 | 1281 |
|
| ... | ... | |
| 1275 | 1283 |
|
| 1276 | 1284 |
Data type: `Enum['accept', 'continue', 'drop', 'queue', 'return']` |
| 1277 | 1285 |
|
| 1278 |
|
|
| 1286 |
The verdict for the matched traffic. |
|
| 1279 | 1287 |
|
| 1280 | 1288 |
Default value: `'accept'` |
| 1281 | 1289 |
|
| ... | ... | |
| 1283 | 1291 |
|
| 1284 | 1292 |
Data type: `Optional[String]` |
| 1285 | 1293 |
|
| 1286 |
|
|
| 1294 |
A typically human-readable comment for the rule. |
|
| 1287 | 1295 |
|
| 1288 | 1296 |
Default value: ``undef`` |
| 1289 | 1297 |
|
| ... | ... | |
| 1291 | 1299 |
|
| 1292 | 1300 |
Data type: `Optional[Nftables::Port]` |
| 1293 | 1301 |
|
| 1294 |
|
|
| 1302 |
The destination port, ports or port range. |
|
| 1295 | 1303 |
|
| 1296 | 1304 |
Default value: ``undef`` |
| 1297 | 1305 |
|
| ... | ... | |
| 1299 | 1307 |
|
| 1300 | 1308 |
Data type: `Optional[Enum['tcp', 'tcp4', 'tcp6', 'udp', 'udp4', 'udp6']]` |
| 1301 | 1309 |
|
| 1302 |
|
|
| 1310 |
The transport-layer protocol to match. |
|
| 1303 | 1311 |
|
| 1304 | 1312 |
Default value: ``undef`` |
| 1305 | 1313 |
|
| ... | ... | |
| 1307 | 1315 |
|
| 1308 | 1316 |
Data type: `Optional[Nftables::Addr]` |
| 1309 | 1317 |
|
| 1310 |
|
|
| 1318 |
The destination address, CIDR or set to match. |
|
| 1311 | 1319 |
|
| 1312 | 1320 |
Default value: ``undef`` |
| 1313 | 1321 |
|
| ... | ... | |
| 1315 | 1323 |
|
| 1316 | 1324 |
Data type: `Enum['ip', 'ip6']` |
| 1317 | 1325 |
|
| 1318 |
|
|
| 1326 |
When using sets as saddr or daddr, the type of the set. |
|
| 1327 |
Use `ip` for sets of type `ipv4_addr`. |
|
| 1319 | 1328 |
|
| 1320 | 1329 |
Default value: `'ip6'` |
| 1321 | 1330 |
|
| ... | ... | |
| 1323 | 1332 |
|
| 1324 | 1333 |
Data type: `Optional[Nftables::Port]` |
| 1325 | 1334 |
|
| 1326 |
|
|
| 1335 |
The source port, ports or port range. |
|
| 1327 | 1336 |
|
| 1328 | 1337 |
Default value: ``undef`` |
| 1329 | 1338 |
|
| ... | ... | |
| 1331 | 1340 |
|
| 1332 | 1341 |
Data type: `Optional[Nftables::Addr]` |
| 1333 | 1342 |
|
| 1334 |
|
|
| 1343 |
The source address, CIDR or set to match. |
|
| 1335 | 1344 |
|
| 1336 | 1345 |
Default value: ``undef`` |
| 1337 | 1346 |
|
| ... | ... | |
| 1339 | 1348 |
|
| 1340 | 1349 |
Data type: `Boolean` |
| 1341 | 1350 |
|
| 1342 |
|
|
| 1351 |
Enable traffic counters for the matched traffic. |
|
| 1343 | 1352 |
|
| 1344 | 1353 |
Default value: ``false`` |
| 1345 | 1354 |
|
| 1355 |
##### `ensure` |
|
| 1356 |
|
|
| 1357 |
Data type: `Enum['present','absent']` |
|
| 1358 |
|
|
| 1359 |
|
|
| 1360 |
|
|
| 1361 |
Default value: `'present'` |
|
| 1362 |
|
|
| 1346 | 1363 |
## Data types |
| 1347 | 1364 |
|
| 1348 | 1365 |
### `Nftables::Addr` |
| manifests/simplerule.pp | ||
|---|---|---|
| 1 |
# @summary Provides a simplified interface to nftables::rule for basic use cases. |
|
| 2 |
# It's recommended to use nftables::rule directly if you feel comfortable with |
|
| 3 |
# nft's syntax. |
|
| 1 |
# @summary Provides a simplified interface to nftables::rule |
|
| 4 | 2 |
# |
| 5 | 3 |
# @example allow incoming traffic from port 541 on port 543 TCP to a given IP range and count packets |
| 6 | 4 |
# nftables::simplerule{'my_service_in':
|
| ... | ... | |
| 52 | 50 |
# |
| 53 | 51 |
# @param counter |
| 54 | 52 |
# Enable traffic counters for the matched traffic. |
| 55 |
|
|
| 56 | 53 |
define nftables::simplerule ( |
| 57 | 54 |
Enum['present','absent'] $ensure = 'present', |
| 58 | 55 |
Pattern[/^[-a-zA-Z0-9_]+$/] $rulename = $title, |
Formats disponibles : Unified diff