Revision baad986e

ID baad986efb158ad59c13177a4b787effcba1a7af
Parent ba8b99ba
Child 50c78d9b

Added by Vadym Chepkov over a year ago

add ftp helper

This adds ability to enable a connection tracker helper and provides typical ftp rules

Co-authored-by: Vadym Chepkov <>
Co-authored-by: Yury Bushmelev <>

View differences:

REFERENCE.md
20 20
* [`nftables::rules::dhcpv6_client`](#nftables--rules--dhcpv6_client): allow DHCPv6 requests in to a host
21 21
* [`nftables::rules::dns`](#nftables--rules--dns): manage in dns
22 22
* [`nftables::rules::docker_ce`](#nftables--rules--docker_ce): Default firewall configuration for Docker-CE
23
* [`nftables::rules::ftp`](#nftables--rules--ftp): manage in ftp (with conntrack helper)
23 24
* [`nftables::rules::http`](#nftables--rules--http): manage in http
24 25
* [`nftables::rules::https`](#nftables--rules--https): manage in https
25 26
* [`nftables::rules::icinga2`](#nftables--rules--icinga2): manage in icinga2
......
96 97
* [`nftables::chain`](#nftables--chain): manage a chain
97 98
* [`nftables::config`](#nftables--config): manage a config snippet
98 99
* [`nftables::file`](#nftables--file): Insert a file into the nftables configuration
100
* [`nftables::helper`](#nftables--helper): manage a conntrack helper
99 101
* [`nftables::rule`](#nftables--rule): Provides an interface to create a firewall rule
100 102
* [`nftables::rules::dnat4`](#nftables--rules--dnat4): manage a ipv4 dnat rule
101 103
* [`nftables::rules::masquerade`](#nftables--rules--masquerade): masquerade all outgoing traffic
......
584 586

  
585 587
Default value: `true`
586 588

  
589
### <a name="nftables--rules--ftp"></a>`nftables::rules::ftp`
590

  
591
manage in ftp (with conntrack helper)
592

  
593
#### Parameters
594

  
595
The following parameters are available in the `nftables::rules::ftp` class:
596

  
597
* [`enable_passive`](#-nftables--rules--ftp--enable_passive)
598
* [`passive_ports`](#-nftables--rules--ftp--passive_ports)
599

  
600
##### <a name="-nftables--rules--ftp--enable_passive"></a>`enable_passive`
601

  
602
Data type: `Boolean`
603

  
604
Enable FTP passive mode support
605

  
606
Default value: `true`
607

  
608
##### <a name="-nftables--rules--ftp--passive_ports"></a>`passive_ports`
609

  
610
Data type: `Nftables::Port::Range`
611

  
612
Set the FTP passive mode port range
613

  
614
Default value: `'10090-10100'`
615

  
587 616
### <a name="nftables--rules--http"></a>`nftables::rules::http`
588 617

  
589 618
manage in http
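
Review bot: The `passive_ports` entry (new lines 608-614) says only "Set the FTP passive mode port range" with a default of `'10090-10100'`, and does not tell the reader that this range has to agree with the passive range configured on the FTP server, or whether the value is ignored when `enable_passive` is `false`. Since the class summary says it works "with conntrack helper", the `enable_passive` description should also state how the port range relates to the helper, so a user can tell whether both are needed or whether one can be turned off to keep the opened port set as small as possible.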
......
1610 1639

  
1611 1640
Default value: `'file-'`
1612 1641

  
1642
### <a name="nftables--helper"></a>`nftables::helper`
1643

  
1644
manage a conntrack helper
1645

  
1646
#### Examples
1647

  
1648
##### FTP helper
1649

  
1650
```puppet
1651
nftables::helper { 'ftp-standard':
1652
  content => 'type "ftp" protocol tcp;',
1653
}
1654
```
1655

  
1656
#### Parameters
1657

  
1658
The following parameters are available in the `nftables::helper` defined type:
1659

  
1660
* [`content`](#-nftables--helper--content)
1661
* [`table`](#-nftables--helper--table)
1662
* [`helper`](#-nftables--helper--helper)
1663

  
1664
##### <a name="-nftables--helper--content"></a>`content`
1665

  
1666
Data type: `String`
1667

  
1668
Conntrack helper definition.
1669

  
1670
##### <a name="-nftables--helper--table"></a>`table`
1671

  
1672
Data type: `Pattern[/^(ip|ip6|inet)-[a-zA-Z0-9_]+$/]`
1673

  
1674
The name of the table to add this helper to.
1675

  
1676
Default value: `'inet-filter'`
1677

  
1678
##### <a name="-nftables--helper--helper"></a>`helper`
1679

  
1680
Data type: `Pattern[/^[a-zA-Z0-9_][A-z0-9_-]*$/]`
1681

  
1682
The symbolic name for the helper.
1683

  
1684
Default value: `$title`
1685

  
1613 1686
### <a name="nftables--rule"></a>`nftables::rule`
1614 1687

  
1615 1688
Provides an interface to create a firewall rule
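
Review bot: In the `helper` parameter's data type (new line 1680), the second character class `[A-z0-9_-]` uses the range `A-z`, which in ASCII also covers `[`, `\`, `]`, `^` and the backtick, so helper names containing those characters pass validation. The first class is written as `a-zA-Z0-9_`, so this looks unintended; suggest `Pattern[/^[a-zA-Z0-9_][a-zA-Z0-9_-]*$/]`, changed wherever the type is declared as well as in this reference. Separately, `content` is an unconstrained `String` described only as "Conntrack helper definition."; a sentence on the expected syntax, beyond the single `type "ftp" protocol tcp;` example, would help users and reviewers.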
