/ - Diff - puppet nftables - Koumbit's Redmine

Révision c24d3118

ID	c24d31182534787ad15393b15ad135e9dcc8299e
Parent	7030bde0
Enfant	cec8a7fe

Ajouté par Tim Meusel il y a environ 2 ans

Regenerate REFERENCE.md

     ### Classes
     * [`nftables`](#nftables): Configure nftables
     * [`nftables::bridges`](#nftablesbridges): allow forwarding traffic on bridges
     * [`nftables::inet_filter`](#nftablesinet_filter): manage basic chains in table inet filter
     * [`nftables::inet_filter::fwd_conntrack`](#nftablesinet_filterfwd_conntrack): enable conntrack for fwd
     * [`nftables::inet_filter::in_out_conntrack`](#nftablesinet_filterin_out_conntrack): manage input & output conntrack
     * [`nftables::ip_nat`](#nftablesip_nat): manage basic chains in table ip nat
     * [`nftables::rules::activemq`](#nftablesrulesactivemq): Provides input rules for Apache ActiveMQ
     * [`nftables::rules::afs3_callback`](#nftablesrulesafs3_callback): Open call back port for AFS clients
     * [`nftables::rules::ceph`](#nftablesrulesceph): Ceph is a distributed object store and file system. Enable this to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS)
     * [`nftables::rules::ceph_mon`](#nftablesrulesceph_mon): Ceph is a distributed object store and file system.
     * [`nftables::bridges`](#nftables--bridges): allow forwarding traffic on bridges
     * [`nftables::inet_filter`](#nftables--inet_filter): manage basic chains in table inet filter
     * [`nftables::inet_filter::fwd_conntrack`](#nftables--inet_filter--fwd_conntrack): enable conntrack for fwd
     * [`nftables::inet_filter::in_out_conntrack`](#nftables--inet_filter--in_out_conntrack): manage input & output conntrack
     * [`nftables::ip_nat`](#nftables--ip_nat): manage basic chains in table ip nat
     * [`nftables::rules::activemq`](#nftables--rules--activemq): Provides input rules for Apache ActiveMQ
     * [`nftables::rules::afs3_callback`](#nftables--rules--afs3_callback): Open call back port for AFS clients
     * [`nftables::rules::ceph`](#nftables--rules--ceph): Ceph is a distributed object store and file system. Enable this to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS)
     * [`nftables::rules::ceph_mon`](#nftables--rules--ceph_mon): Ceph is a distributed object store and file system.
     Enable this option to support Ceph's Monitor Daemon.
     * [`nftables::rules::dhcpv6_client`](#nftablesrulesdhcpv6_client): allow DHCPv6 requests in to a host
     * [`nftables::rules::dns`](#nftablesrulesdns): manage in dns
     * [`nftables::rules::docker_ce`](#nftablesrulesdocker_ce): Default firewall configuration for Docker-CE
     * [`nftables::rules::http`](#nftablesruleshttp): manage in http
     * [`nftables::rules::https`](#nftablesruleshttps): manage in https
     * [`nftables::rules::icinga2`](#nftablesrulesicinga2): manage in icinga2
     * [`nftables::rules::icmp`](#nftablesrulesicmp)
     * [`nftables::rules::nfs`](#nftablesrulesnfs): manage in nfs4
     * [`nftables::rules::nfs3`](#nftablesrulesnfs3): manage in nfs3
     * [`nftables::rules::node_exporter`](#nftablesrulesnode_exporter): manage in node exporter
     * [`nftables::rules::ospf`](#nftablesrulesospf): manage in ospf
     * [`nftables::rules::ospf3`](#nftablesrulesospf3): manage in ospf3
     * [`nftables::rules::out::all`](#nftablesrulesoutall): allow all outbound
     * [`nftables::rules::out::ceph_client`](#nftablesrulesoutceph_client): Ceph is a distributed object store and file system.
     * [`nftables::rules::dhcpv6_client`](#nftables--rules--dhcpv6_client): allow DHCPv6 requests in to a host
     * [`nftables::rules::dns`](#nftables--rules--dns): manage in dns
     * [`nftables::rules::docker_ce`](#nftables--rules--docker_ce): Default firewall configuration for Docker-CE
     * [`nftables::rules::http`](#nftables--rules--http): manage in http
     * [`nftables::rules::https`](#nftables--rules--https): manage in https
     * [`nftables::rules::icinga2`](#nftables--rules--icinga2): manage in icinga2
     * [`nftables::rules::icmp`](#nftables--rules--icmp)
     * [`nftables::rules::nfs`](#nftables--rules--nfs): manage in nfs4
     * [`nftables::rules::nfs3`](#nftables--rules--nfs3): manage in nfs3
     * [`nftables::rules::node_exporter`](#nftables--rules--node_exporter): manage in node exporter
     * [`nftables::rules::ospf`](#nftables--rules--ospf): manage in ospf
     * [`nftables::rules::ospf3`](#nftables--rules--ospf3): manage in ospf3
     * [`nftables::rules::out::all`](#nftables--rules--out--all): allow all outbound
     * [`nftables::rules::out::ceph_client`](#nftables--rules--out--ceph_client): Ceph is a distributed object store and file system.
     Enable this to be a client of Ceph's Monitor (MON),
     Object Storage Daemons (OSD), Metadata Server Daemons (MDS),
     and Manager Daemons (MGR).
     * [`nftables::rules::out::chrony`](#nftablesrulesoutchrony): manage out chrony
     * [`nftables::rules::out::dhcp`](#nftablesrulesoutdhcp): manage out dhcp
     * [`nftables::rules::out::dhcpv6_client`](#nftablesrulesoutdhcpv6_client): Allow DHCPv6 requests out of a host
     * [`nftables::rules::out::dns`](#nftablesrulesoutdns): manage out dns
     * [`nftables::rules::out::hkp`](#nftablesrulesouthkp): allow outgoing hkp connections to gpg keyservers
     * [`nftables::rules::out::http`](#nftablesrulesouthttp): manage out http
     * [`nftables::rules::out::https`](#nftablesrulesouthttps): manage out https
     * [`nftables::rules::out::icmp`](#nftablesrulesouticmp): control outbound icmp packages
     * [`nftables::rules::out::imap`](#nftablesrulesoutimap): allow outgoing imap
     * [`nftables::rules::out::kerberos`](#nftablesrulesoutkerberos): allows outbound access for kerberos
     * [`nftables::rules::out::mysql`](#nftablesrulesoutmysql): manage out mysql
     * [`nftables::rules::out::nfs`](#nftablesrulesoutnfs): manage out nfs
     * [`nftables::rules::out::nfs3`](#nftablesrulesoutnfs3): manage out nfs3
     * [`nftables::rules::out::openafs_client`](#nftablesrulesoutopenafs_client): allows outbound access for afs clients
     * [`nftables::rules::out::chrony`](#nftables--rules--out--chrony): manage out chrony
     * [`nftables::rules::out::dhcp`](#nftables--rules--out--dhcp): manage out dhcp
     * [`nftables::rules::out::dhcpv6_client`](#nftables--rules--out--dhcpv6_client): Allow DHCPv6 requests out of a host
     * [`nftables::rules::out::dns`](#nftables--rules--out--dns): manage out dns
     * [`nftables::rules::out::hkp`](#nftables--rules--out--hkp): allow outgoing hkp connections to gpg keyservers
     * [`nftables::rules::out::http`](#nftables--rules--out--http): manage out http
     * [`nftables::rules::out::https`](#nftables--rules--out--https): manage out https
     * [`nftables::rules::out::icmp`](#nftables--rules--out--icmp): control outbound icmp packages
     * [`nftables::rules::out::imap`](#nftables--rules--out--imap): allow outgoing imap
     * [`nftables::rules::out::kerberos`](#nftables--rules--out--kerberos): allows outbound access for kerberos
     * [`nftables::rules::out::mysql`](#nftables--rules--out--mysql): manage out mysql
     * [`nftables::rules::out::nfs`](#nftables--rules--out--nfs): manage out nfs
     * [`nftables::rules::out::nfs3`](#nftables--rules--out--nfs3): manage out nfs3
     * [`nftables::rules::out::openafs_client`](#nftables--rules--out--openafs_client): allows outbound access for afs clients
 - afs3-fileserver
 - afs3-ptserver
 - vlserver
     * [`nftables::rules::out::ospf`](#nftablesrulesoutospf): manage out ospf
     * [`nftables::rules::out::ospf3`](#nftablesrulesoutospf3): manage out ospf3
     * [`nftables::rules::out::pop3`](#nftablesrulesoutpop3): allow outgoing pop3
     * [`nftables::rules::out::postgres`](#nftablesrulesoutpostgres): manage out postgres
     * [`nftables::rules::out::puppet`](#nftablesrulesoutpuppet): manage outgoing puppet
     * [`nftables::rules::out::pxp_agent`](#nftablesrulesoutpxp_agent): manage outgoing pxp-agent
     * [`nftables::rules::out::smtp`](#nftablesrulesoutsmtp): allow outgoing smtp
     * [`nftables::rules::out::smtp_client`](#nftablesrulesoutsmtp_client): allow outgoing smtp client
     * [`nftables::rules::out::ssh`](#nftablesrulesoutssh): manage out ssh
     * [`nftables::rules::out::ssh::remove`](#nftablesrulesoutsshremove): disable outgoing ssh
     * [`nftables::rules::out::tor`](#nftablesrulesouttor): manage out tor
     * [`nftables::rules::out::whois`](#nftablesrulesoutwhois): allow clients to query remote whois server
     * [`nftables::rules::out::wireguard`](#nftablesrulesoutwireguard): manage out wireguard
     * [`nftables::rules::puppet`](#nftablesrulespuppet): manage in puppet
     * [`nftables::rules::pxp_agent`](#nftablesrulespxp_agent): manage in pxp-agent
     * [`nftables::rules::qemu`](#nftablesrulesqemu): Bridged network configuration for qemu/libvirt
     * [`nftables::rules::samba`](#nftablesrulessamba): manage Samba, the suite to allow Windows file sharing on Linux resources.
     * [`nftables::rules::smtp`](#nftablesrulessmtp): manage in smtp
     * [`nftables::rules::smtp_submission`](#nftablesrulessmtp_submission): manage in smtp submission
     * [`nftables::rules::smtps`](#nftablesrulessmtps): manage in smtps
     * [`nftables::rules::ssh`](#nftablesrulesssh): manage in ssh
     * [`nftables::rules::tor`](#nftablesrulestor): manage in tor
     * [`nftables::rules::wireguard`](#nftablesruleswireguard): manage in wireguard
     * [`nftables::services::dhcpv6_client`](#nftablesservicesdhcpv6_client): Allow in and outbound traffic for DHCPv6 server
     * [`nftables::services::openafs_client`](#nftablesservicesopenafs_client): Open inbound and outbound ports for an AFS client
     * [`nftables::rules::out::ospf`](#nftables--rules--out--ospf): manage out ospf
     * [`nftables::rules::out::ospf3`](#nftables--rules--out--ospf3): manage out ospf3
     * [`nftables::rules::out::pop3`](#nftables--rules--out--pop3): allow outgoing pop3
     * [`nftables::rules::out::postgres`](#nftables--rules--out--postgres): manage out postgres
     * [`nftables::rules::out::puppet`](#nftables--rules--out--puppet): manage outgoing puppet
     * [`nftables::rules::out::pxp_agent`](#nftables--rules--out--pxp_agent): manage outgoing pxp-agent
     * [`nftables::rules::out::smtp`](#nftables--rules--out--smtp): allow outgoing smtp
     * [`nftables::rules::out::smtp_client`](#nftables--rules--out--smtp_client): allow outgoing smtp client
     * [`nftables::rules::out::ssh`](#nftables--rules--out--ssh): manage out ssh
     * [`nftables::rules::out::ssh::remove`](#nftables--rules--out--ssh--remove): disable outgoing ssh
     * [`nftables::rules::out::tor`](#nftables--rules--out--tor): manage out tor
     * [`nftables::rules::out::whois`](#nftables--rules--out--whois): allow clients to query remote whois server
     * [`nftables::rules::out::wireguard`](#nftables--rules--out--wireguard): manage out wireguard
     * [`nftables::rules::puppet`](#nftables--rules--puppet): manage in puppet
     * [`nftables::rules::pxp_agent`](#nftables--rules--pxp_agent): manage in pxp-agent
     * [`nftables::rules::qemu`](#nftables--rules--qemu): Bridged network configuration for qemu/libvirt
     * [`nftables::rules::samba`](#nftables--rules--samba): manage Samba, the suite to allow Windows file sharing on Linux resources.
     * [`nftables::rules::smtp`](#nftables--rules--smtp): manage in smtp
     * [`nftables::rules::smtp_submission`](#nftables--rules--smtp_submission): manage in smtp submission
     * [`nftables::rules::smtps`](#nftables--rules--smtps): manage in smtps
     * [`nftables::rules::ssh`](#nftables--rules--ssh): manage in ssh
     * [`nftables::rules::tor`](#nftables--rules--tor): manage in tor
     * [`nftables::rules::wireguard`](#nftables--rules--wireguard): manage in wireguard
     * [`nftables::services::dhcpv6_client`](#nftables--services--dhcpv6_client): Allow in and outbound traffic for DHCPv6 server
     * [`nftables::services::openafs_client`](#nftables--services--openafs_client): Open inbound and outbound ports for an AFS client
     ### Defined types
     * [`nftables::chain`](#nftableschain): manage a chain
     * [`nftables::config`](#nftablesconfig): manage a config snippet
     * [`nftables::file`](#nftablesfile): Insert a file into the nftables configuration
     * [`nftables::rule`](#nftablesrule): Provides an interface to create a firewall rule
     * [`nftables::rules::dnat4`](#nftablesrulesdnat4): manage a ipv4 dnat rule
     * [`nftables::rules::masquerade`](#nftablesrulesmasquerade): masquerade all outgoing traffic
     * [`nftables::rules::snat4`](#nftablesrulessnat4): manage a ipv4 snat rule
     * [`nftables::set`](#nftablesset): manage a named set
     * [`nftables::simplerule`](#nftablessimplerule): Provides a simplified interface to nftables::rule
     * [`nftables::chain`](#nftables--chain): manage a chain
     * [`nftables::config`](#nftables--config): manage a config snippet
     * [`nftables::file`](#nftables--file): Insert a file into the nftables configuration
     * [`nftables::rule`](#nftables--rule): Provides an interface to create a firewall rule
     * [`nftables::rules::dnat4`](#nftables--rules--dnat4): manage a ipv4 dnat rule
     * [`nftables::rules::masquerade`](#nftables--rules--masquerade): masquerade all outgoing traffic
     * [`nftables::rules::snat4`](#nftables--rules--snat4): manage a ipv4 snat rule
     * [`nftables::set`](#nftables--set): manage a named set
     * [`nftables::simplerule`](#nftables--simplerule): Provides a simplified interface to nftables::rule
     ### Data types
     * [`Nftables::Addr`](#nftablesaddr): Represents an address expression to be used within a rule.
     * [`Nftables::Addr::Set`](#nftablesaddrset): Represents a set expression to be used within a rule.
     * [`Nftables::Port`](#nftablesport): Represents a port expression to be used within a rule.
     * [`Nftables::Port::Range`](#nftablesportrange): Represents a port range expression to be used within a rule.
     * [`Nftables::RuleName`](#nftablesrulename): Represents a rule name to be used in a raw rule created via nftables::rule.
     * [`Nftables::Addr`](#Nftables--Addr): Represents an address expression to be used within a rule.
     * [`Nftables::Addr::Set`](#Nftables--Addr--Set): Represents a set expression to be used within a rule.
     * [`Nftables::Port`](#Nftables--Port): Represents a port expression to be used within a rule.
     * [`Nftables::Port::Range`](#Nftables--Port--Range): Represents a port range expression to be used within a rule.
     * [`Nftables::RuleName`](#Nftables--RuleName): Represents a rule name to be used in a raw rule created via nftables::rule.
     It's a dash separated string. The first component describes the chain to
     add the rule to, the second the rule name and the (optional) third a number.
     Ex: 'default_in-sshd', 'default_out-my_service-2'.
     * [`Nftables::SimpleRuleName`](#nftablessimplerulename): Represents a simple rule name to be used in a rule created via nftables::simplerule
     * [`Nftables::SimpleRuleName`](#Nftables--SimpleRuleName): Represents a simple rule name to be used in a rule created via nftables::simplerule
     ## Classes
-...
     The following parameters are available in the `nftables` class:
     * [`out_all`](#out_all)
     * [`out_ntp`](#out_ntp)
     * [`out_http`](#out_http)
     * [`out_dns`](#out_dns)
     * [`out_https`](#out_https)
     * [`out_icmp`](#out_icmp)
     * [`in_ssh`](#in_ssh)
     * [`in_icmp`](#in_icmp)
     * [`inet_filter`](#inet_filter)
     * [`nat`](#nat)
     * [`nat_table_name`](#nat_table_name)
     * [`sets`](#sets)
     * [`log_prefix`](#log_prefix)
     * [`log_limit`](#log_limit)
     * [`reject_with`](#reject_with)
     * [`in_out_conntrack`](#in_out_conntrack)
     * [`fwd_conntrack`](#fwd_conntrack)
     * [`firewalld_enable`](#firewalld_enable)
     * [`noflush_tables`](#noflush_tables)
     * [`rules`](#rules)
     * [`configuration_path`](#configuration_path)
     * [`nft_path`](#nft_path)
     * [`echo`](#echo)
     * [`default_config_mode`](#default_config_mode)
     ##### <a name="out_all"></a>`out_all`
     * [`out_all`](#-nftables--out_all)
     * [`out_ntp`](#-nftables--out_ntp)
     * [`out_http`](#-nftables--out_http)
     * [`out_dns`](#-nftables--out_dns)
     * [`out_https`](#-nftables--out_https)
     * [`out_icmp`](#-nftables--out_icmp)
     * [`in_ssh`](#-nftables--in_ssh)
     * [`in_icmp`](#-nftables--in_icmp)
     * [`inet_filter`](#-nftables--inet_filter)
     * [`nat`](#-nftables--nat)
     * [`nat_table_name`](#-nftables--nat_table_name)
     * [`sets`](#-nftables--sets)
     * [`log_prefix`](#-nftables--log_prefix)
     * [`log_limit`](#-nftables--log_limit)
     * [`reject_with`](#-nftables--reject_with)
     * [`in_out_conntrack`](#-nftables--in_out_conntrack)
     * [`fwd_conntrack`](#-nftables--fwd_conntrack)
     * [`firewalld_enable`](#-nftables--firewalld_enable)
     * [`noflush_tables`](#-nftables--noflush_tables)
     * [`rules`](#-nftables--rules)
     * [`configuration_path`](#-nftables--configuration_path)
     * [`nft_path`](#-nftables--nft_path)
     * [`echo`](#-nftables--echo)
     * [`default_config_mode`](#-nftables--default_config_mode)
     ##### <a name="-nftables--out_all"></a>`out_all`
     Data type: `Boolean`
-...
     out parameters `out_ntp`, `out_dns`, ... will be assuemed
     false.
     Default value: ``false``
     Default value: `false`
     ##### <a name="out_ntp"></a>`out_ntp`
     ##### <a name="-nftables--out_ntp"></a>`out_ntp`
     Data type: `Boolean`
     Allow outbound to ntp servers.
     Default value: ``true``
     Default value: `true`
     ##### <a name="out_http"></a>`out_http`
     ##### <a name="-nftables--out_http"></a>`out_http`
     Data type: `Boolean`
     Allow outbound to http servers.
     Default value: ``true``
     Default value: `true`
     ##### <a name="out_dns"></a>`out_dns`
     ##### <a name="-nftables--out_dns"></a>`out_dns`
     Data type: `Boolean`
     Allow outbound to dns servers.
     Default value: ``true``
     Default value: `true`
     ##### <a name="out_https"></a>`out_https`
     ##### <a name="-nftables--out_https"></a>`out_https`
     Data type: `Boolean`
     Allow outbound to https servers.
     Default value: ``true``
     Default value: `true`
     ##### <a name="out_icmp"></a>`out_icmp`
     ##### <a name="-nftables--out_icmp"></a>`out_icmp`
     Data type: `Boolean`
     Allow outbound ICMPv4/v6 traffic.
     Default value: ``true``
     Default value: `true`
     ##### <a name="in_ssh"></a>`in_ssh`
     ##### <a name="-nftables--in_ssh"></a>`in_ssh`
     Data type: `Boolean`
     Allow inbound to ssh servers.
     Default value: ``true``
     Default value: `true`
     ##### <a name="in_icmp"></a>`in_icmp`
     ##### <a name="-nftables--in_icmp"></a>`in_icmp`
     Data type: `Boolean`
     Allow inbound ICMPv4/v6 traffic.
     Default value: ``true``
     Default value: `true`
     ##### <a name="inet_filter"></a>`inet_filter`
     ##### <a name="-nftables--inet_filter"></a>`inet_filter`
     Data type: `Boolean`
     Add default tables, chains and rules to process traffic.
     Default value: ``true``
     Default value: `true`
     ##### <a name="nat"></a>`nat`
     ##### <a name="-nftables--nat"></a>`nat`
     Data type: `Boolean`
     Add default tables and chains to process NAT traffic.
     Default value: ``true``
     Default value: `true`
     ##### <a name="nat_table_name"></a>`nat_table_name`
     ##### <a name="-nftables--nat_table_name"></a>`nat_table_name`
     Data type: `String[1]`
-...
     Default value: `'nat'`
     ##### <a name="sets"></a>`sets`
     ##### <a name="-nftables--sets"></a>`sets`
     Data type: `Hash`
-...
     Default value: `{}`
     ##### <a name="log_prefix"></a>`log_prefix`
     ##### <a name="-nftables--log_prefix"></a>`log_prefix`
     Data type: `String`
-...
     Default value: `'[nftables] %<chain>s %<comment>s'`
     ##### <a name="log_limit"></a>`log_limit`
     ##### <a name="-nftables--log_limit"></a>`log_limit`
     Data type: `Variant[Boolean[false], String]`
-...
     Default value: `'3/minute burst 5 packets'`
     ##### <a name="reject_with"></a>`reject_with`
     ##### <a name="-nftables--reject_with"></a>`reject_with`
     Data type: `Variant[Boolean[false], Pattern[/icmp(v6|x)? type .+|tcp reset/]]`
-...
     Default value: `'icmpx type port-unreachable'`
     ##### <a name="in_out_conntrack"></a>`in_out_conntrack`
     ##### <a name="-nftables--in_out_conntrack"></a>`in_out_conntrack`
     Data type: `Boolean`
     Adds INPUT and OUTPUT rules to allow traffic that's part of an
     established connection and also to drop invalid packets.
     Default value: ``true``
     Default value: `true`
     ##### <a name="fwd_conntrack"></a>`fwd_conntrack`
     ##### <a name="-nftables--fwd_conntrack"></a>`fwd_conntrack`
     Data type: `Boolean`
     Adds FORWARD rules to allow traffic that's part of an
     established connection and also to drop invalid packets.
     Default value: ``false``
     Default value: `false`
     ##### <a name="firewalld_enable"></a>`firewalld_enable`
     ##### <a name="-nftables--firewalld_enable"></a>`firewalld_enable`
     Data type: `Variant[Boolean[false], Enum['mask']]`
-...
     Default value: `'mask'`
     ##### <a name="noflush_tables"></a>`noflush_tables`
     ##### <a name="-nftables--noflush_tables"></a>`noflush_tables`
     Data type: `Optional[Array[Pattern[/^(ip|ip6|inet|arp|bridge|netdev)-[-a-zA-Z0-9_]+$/],1]]`
     If specified only other existings tables will be flushed.
     If left unset all tables will be flushed via a `flush ruleset`
     Default value: ``undef``
     Default value: `undef`
     ##### <a name="rules"></a>`rules`
     ##### <a name="-nftables--rules"></a>`rules`
     Data type: `Hash`
-...
     Default value: `{}`
     ##### <a name="configuration_path"></a>`configuration_path`
     ##### <a name="-nftables--configuration_path"></a>`configuration_path`
     Data type: `Stdlib::Unixpath`
     The absolute path to the principal nftables configuration file. The default
     varies depending on the system, and is set in the module's data.
     ##### <a name="nft_path"></a>`nft_path`
     ##### <a name="-nftables--nft_path"></a>`nft_path`
     Data type: `Stdlib::Unixpath`
     Path to the nft binary
     ##### <a name="echo"></a>`echo`
     ##### <a name="-nftables--echo"></a>`echo`
     Data type: `Stdlib::Unixpath`
     Path to the echo binary
     ##### <a name="default_config_mode"></a>`default_config_mode`
     ##### <a name="-nftables--default_config_mode"></a>`default_config_mode`
     Data type: `Stdlib::Filemode`
     The default file & dir mode for configuration files and directories. The
     default varies depending on the system, and is set in the module's data.
     ### <a name="nftablesbridges"></a>`nftables::bridges`
     ### <a name="nftables--bridges"></a>`nftables::bridges`
     allow forwarding traffic on bridges
-...
     The following parameters are available in the `nftables::bridges` class:
     * [`ensure`](#ensure)
     * [`bridgenames`](#bridgenames)
     * [`ensure`](#-nftables--bridges--ensure)
     * [`bridgenames`](#-nftables--bridges--bridgenames)
     ##### <a name="ensure"></a>`ensure`
     ##### <a name="-nftables--bridges--ensure"></a>`ensure`
     Data type: `Enum['present','absent']`
-...
     Default value: `'present'`
     ##### <a name="bridgenames"></a>`bridgenames`
     ##### <a name="-nftables--bridges--bridgenames"></a>`bridgenames`
     Data type: `Regexp`
-...
     Default value: `/^br.+/`
     ### <a name="nftablesinet_filter"></a>`nftables::inet_filter`
     ### <a name="nftables--inet_filter"></a>`nftables::inet_filter`
     manage basic chains in table inet filter
     ### <a name="nftablesinet_filterfwd_conntrack"></a>`nftables::inet_filter::fwd_conntrack`
     ### <a name="nftables--inet_filter--fwd_conntrack"></a>`nftables::inet_filter::fwd_conntrack`
     enable conntrack for fwd
     ### <a name="nftablesinet_filterin_out_conntrack"></a>`nftables::inet_filter::in_out_conntrack`
     ### <a name="nftables--inet_filter--in_out_conntrack"></a>`nftables::inet_filter::in_out_conntrack`
     manage input & output conntrack
     ### <a name="nftablesip_nat"></a>`nftables::ip_nat`
     ### <a name="nftables--ip_nat"></a>`nftables::ip_nat`
     manage basic chains in table ip nat
     ### <a name="nftablesrulesactivemq"></a>`nftables::rules::activemq`
     ### <a name="nftables--rules--activemq"></a>`nftables::rules::activemq`
     Provides input rules for Apache ActiveMQ
-...
     The following parameters are available in the `nftables::rules::activemq` class:
     * [`tcp`](#tcp)
     * [`udp`](#udp)
     * [`port`](#port)
     * [`tcp`](#-nftables--rules--activemq--tcp)
     * [`udp`](#-nftables--rules--activemq--udp)
     * [`port`](#-nftables--rules--activemq--port)
     ##### <a name="tcp"></a>`tcp`
     ##### <a name="-nftables--rules--activemq--tcp"></a>`tcp`
     Data type: `Boolean`
     Create the rule for TCP traffic.
     Default value: ``true``
     Default value: `true`
     ##### <a name="udp"></a>`udp`
     ##### <a name="-nftables--rules--activemq--udp"></a>`udp`
     Data type: `Boolean`
     Create the rule for UDP traffic.
     Default value: ``true``
     Default value: `true`
     ##### <a name="port"></a>`port`
     ##### <a name="-nftables--rules--activemq--port"></a>`port`
     Data type: `Stdlib::Port`
-...
     Default value: `61616`
     ### <a name="nftablesrulesafs3_callback"></a>`nftables::rules::afs3_callback`
     ### <a name="nftables--rules--afs3_callback"></a>`nftables::rules::afs3_callback`
     Open call back port for AFS clients
-...
     The following parameters are available in the `nftables::rules::afs3_callback` class:
     * [`saddr`](#saddr)
     * [`saddr`](#-nftables--rules--afs3_callback--saddr)
     ##### <a name="saddr"></a>`saddr`
     ##### <a name="-nftables--rules--afs3_callback--saddr"></a>`saddr`
     Data type: `Array[Stdlib::IP::Address::V4,1]`
-...
     Default value: `['0.0.0.0/0']`
     ### <a name="nftablesrulesceph"></a>`nftables::rules::ceph`
     ### <a name="nftables--rules--ceph"></a>`nftables::rules::ceph`
     Ceph is a distributed object store and file system.
     Enable this to support Ceph's Object Storage Daemons (OSD),
     Metadata Server Daemons (MDS), or Manager Daemons (MGR).
     ### <a name="nftablesrulesceph_mon"></a>`nftables::rules::ceph_mon`
     ### <a name="nftables--rules--ceph_mon"></a>`nftables::rules::ceph_mon`
     Ceph is a distributed object store and file system.
     Enable this option to support Ceph's Monitor Daemon.
-...
     The following parameters are available in the `nftables::rules::ceph_mon` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--ceph_mon--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--ceph_mon--ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
-...
     Default value: `[3300, 6789]`
     ### <a name="nftablesrulesdhcpv6_client"></a>`nftables::rules::dhcpv6_client`
     ### <a name="nftables--rules--dhcpv6_client"></a>`nftables::rules::dhcpv6_client`
     allow DHCPv6 requests in to a host
     ### <a name="nftablesrulesdns"></a>`nftables::rules::dns`
     ### <a name="nftables--rules--dns"></a>`nftables::rules::dns`
     manage in dns
-...
     The following parameters are available in the `nftables::rules::dns` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--dns--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--dns--ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
-...
     Default value: `[53]`
     ### <a name="nftablesrulesdocker_ce"></a>`nftables::rules::docker_ce`
     ### <a name="nftables--rules--docker_ce"></a>`nftables::rules::docker_ce`
     The configuration distributed in this class represents the default firewall
     configuration done by docker-ce when the iptables integration is enabled.
-...
     The following parameters are available in the `nftables::rules::docker_ce` class:
     * [`docker_interface`](#docker_interface)
     * [`docker_prefix`](#docker_prefix)
     * [`manage_docker_chains`](#manage_docker_chains)
     * [`manage_base_chains`](#manage_base_chains)
     * [`docker_interface`](#-nftables--rules--docker_ce--docker_interface)
     * [`docker_prefix`](#-nftables--rules--docker_ce--docker_prefix)
     * [`manage_docker_chains`](#-nftables--rules--docker_ce--manage_docker_chains)
     * [`manage_base_chains`](#-nftables--rules--docker_ce--manage_base_chains)
     ##### <a name="docker_interface"></a>`docker_interface`
     ##### <a name="-nftables--rules--docker_ce--docker_interface"></a>`docker_interface`
     Data type: `String[1]`
-...
     Default value: `'docker0'`
     ##### <a name="docker_prefix"></a>`docker_prefix`
     ##### <a name="-nftables--rules--docker_ce--docker_prefix"></a>`docker_prefix`
     Data type: `Stdlib::IP::Address::V4::CIDR`
-...
     Default value: `'172.17.0.0/16'`
     ##### <a name="manage_docker_chains"></a>`manage_docker_chains`
     ##### <a name="-nftables--rules--docker_ce--manage_docker_chains"></a>`manage_docker_chains`
     Data type: `Boolean`
     Flag to control whether the class should create the docker related chains.
     Default value: ``true``
     Default value: `true`
     ##### <a name="manage_base_chains"></a>`manage_base_chains`
     ##### <a name="-nftables--rules--docker_ce--manage_base_chains"></a>`manage_base_chains`
     Data type: `Boolean`
     Flag to control whether the class should create the base common chains.
     Default value: ``true``
     Default value: `true`
     ### <a name="nftablesruleshttp"></a>`nftables::rules::http`
     ### <a name="nftables--rules--http"></a>`nftables::rules::http`
     manage in http
     ### <a name="nftablesruleshttps"></a>`nftables::rules::https`
     ### <a name="nftables--rules--https"></a>`nftables::rules::https`
     manage in https
     ### <a name="nftablesrulesicinga2"></a>`nftables::rules::icinga2`
     ### <a name="nftables--rules--icinga2"></a>`nftables::rules::icinga2`
     manage in icinga2
-...
     The following parameters are available in the `nftables::rules::icinga2` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--icinga2--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--icinga2--ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
-...
     Default value: `[5665]`
     ### <a name="nftablesrulesicmp"></a>`nftables::rules::icmp`
     ### <a name="nftables--rules--icmp"></a>`nftables::rules::icmp`
     The nftables::rules::icmp class.
-...
     The following parameters are available in the `nftables::rules::icmp` class:
     * [`v4_types`](#v4_types)
     * [`v6_types`](#v6_types)
     * [`order`](#order)
     * [`v4_types`](#-nftables--rules--icmp--v4_types)
     * [`v6_types`](#-nftables--rules--icmp--v6_types)
     * [`order`](#-nftables--rules--icmp--order)
     ##### <a name="v4_types"></a>`v4_types`
     ##### <a name="-nftables--rules--icmp--v4_types"></a>`v4_types`
     Data type: `Optional[Array[String]]`
     Default value: ``undef``
     Default value: `undef`
     ##### <a name="v6_types"></a>`v6_types`
     ##### <a name="-nftables--rules--icmp--v6_types"></a>`v6_types`
     Data type: `Optional[Array[String]]`
     Default value: ``undef``
     Default value: `undef`
     ##### <a name="order"></a>`order`
     ##### <a name="-nftables--rules--icmp--order"></a>`order`
     Data type: `String`
-...
     Default value: `'10'`
     ### <a name="nftablesrulesnfs"></a>`nftables::rules::nfs`
     ### <a name="nftables--rules--nfs"></a>`nftables::rules::nfs`
     manage in nfs4
     ### <a name="nftablesrulesnfs3"></a>`nftables::rules::nfs3`
     ### <a name="nftables--rules--nfs3"></a>`nftables::rules::nfs3`
     manage in nfs3
     ### <a name="nftablesrulesnode_exporter"></a>`nftables::rules::node_exporter`
     ### <a name="nftables--rules--node_exporter"></a>`nftables::rules::node_exporter`
     manage in node exporter
-...
     The following parameters are available in the `nftables::rules::node_exporter` class:
     * [`prometheus_server`](#prometheus_server)
     * [`port`](#port)
     * [`prometheus_server`](#-nftables--rules--node_exporter--prometheus_server)
     * [`port`](#-nftables--rules--node_exporter--port)
     ##### <a name="prometheus_server"></a>`prometheus_server`
     ##### <a name="-nftables--rules--node_exporter--prometheus_server"></a>`prometheus_server`
     Data type: `Optional[Variant[String,Array[String,1]]]`
     Specify server name
     Default value: ``undef``
     Default value: `undef`
     ##### <a name="port"></a>`port`
     ##### <a name="-nftables--rules--node_exporter--port"></a>`port`
     Data type: `Stdlib::Port`
-...
     Default value: `9100`
     ### <a name="nftablesrulesospf"></a>`nftables::rules::ospf`
     ### <a name="nftables--rules--ospf"></a>`nftables::rules::ospf`
     manage in ospf
     ### <a name="nftablesrulesospf3"></a>`nftables::rules::ospf3`
     ### <a name="nftables--rules--ospf3"></a>`nftables::rules::ospf3`
     manage in ospf3
     ### <a name="nftablesrulesoutall"></a>`nftables::rules::out::all`
     ### <a name="nftables--rules--out--all"></a>`nftables::rules::out::all`
     allow all outbound
     ### <a name="nftablesrulesoutceph_client"></a>`nftables::rules::out::ceph_client`
     ### <a name="nftables--rules--out--ceph_client"></a>`nftables::rules::out::ceph_client`
     Ceph is a distributed object store and file system.
     Enable this to be a client of Ceph's Monitor (MON),
-...
     The following parameters are available in the `nftables::rules::out::ceph_client` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--out--ceph_client--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--out--ceph_client--ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
-...
     Default value: `[3300, 6789]`
     ### <a name="nftablesrulesoutchrony"></a>`nftables::rules::out::chrony`
     ### <a name="nftables--rules--out--chrony"></a>`nftables::rules::out::chrony`
     manage out chrony
-...
     The following parameters are available in the `nftables::rules::out::chrony` class:
     * [`servers`](#servers)
     * [`servers`](#-nftables--rules--out--chrony--servers)
     ##### <a name="servers"></a>`servers`
     ##### <a name="-nftables--rules--out--chrony--servers"></a>`servers`
     Data type: `Array[Stdlib::IP::Address]`
-...
     Default value: `[]`
     ### <a name="nftablesrulesoutdhcp"></a>`nftables::rules::out::dhcp`
     ### <a name="nftables--rules--out--dhcp"></a>`nftables::rules::out::dhcp`
     manage out dhcp
     ### <a name="nftablesrulesoutdhcpv6_client"></a>`nftables::rules::out::dhcpv6_client`
     ### <a name="nftables--rules--out--dhcpv6_client"></a>`nftables::rules::out::dhcpv6_client`
     Allow DHCPv6 requests out of a host
     ### <a name="nftablesrulesoutdns"></a>`nftables::rules::out::dns`
     ### <a name="nftables--rules--out--dns"></a>`nftables::rules::out::dns`
     manage out dns
-...
     The following parameters are available in the `nftables::rules::out::dns` class:
     * [`dns_server`](#dns_server)
     * [`dns_server`](#-nftables--rules--out--dns--dns_server)
     ##### <a name="dns_server"></a>`dns_server`
     ##### <a name="-nftables--rules--out--dns--dns_server"></a>`dns_server`
     Data type: `Optional[Variant[String,Array[String,1]]]`
     specify dns_server name
     Default value: ``undef``
     Default value: `undef`
     ### <a name="nftablesrulesouthkp"></a>`nftables::rules::out::hkp`
     ### <a name="nftables--rules--out--hkp"></a>`nftables::rules::out::hkp`
     allow outgoing hkp connections to gpg keyservers
     ### <a name="nftablesrulesouthttp"></a>`nftables::rules::out::http`
     ### <a name="nftables--rules--out--http"></a>`nftables::rules::out::http`
     manage out http
     ### <a name="nftablesrulesouthttps"></a>`nftables::rules::out::https`
     ### <a name="nftables--rules--out--https"></a>`nftables::rules::out::https`
     manage out https
     ### <a name="nftablesrulesouticmp"></a>`nftables::rules::out::icmp`
     ### <a name="nftables--rules--out--icmp"></a>`nftables::rules::out::icmp`
     control outbound icmp packages
-...
     The following parameters are available in the `nftables::rules::out::icmp` class:
     * [`v4_types`](#v4_types)
     * [`v6_types`](#v6_types)
     * [`order`](#order)
     * [`v4_types`](#-nftables--rules--out--icmp--v4_types)
     * [`v6_types`](#-nftables--rules--out--icmp--v6_types)
     * [`order`](#-nftables--rules--out--icmp--order)
     ##### <a name="v4_types"></a>`v4_types`
     ##### <a name="-nftables--rules--out--icmp--v4_types"></a>`v4_types`
     Data type: `Optional[Array[String]]`
     Default value: ``undef``
     Default value: `undef`
     ##### <a name="v6_types"></a>`v6_types`
     ##### <a name="-nftables--rules--out--icmp--v6_types"></a>`v6_types`
     Data type: `Optional[Array[String]]`
     Default value: ``undef``
     Default value: `undef`
     ##### <a name="order"></a>`order`
     ##### <a name="-nftables--rules--out--icmp--order"></a>`order`
     Data type: `String`
-...
     Default value: `'10'`
     ### <a name="nftablesrulesoutimap"></a>`nftables::rules::out::imap`
     ### <a name="nftables--rules--out--imap"></a>`nftables::rules::out::imap`
     allow outgoing imap
     ### <a name="nftablesrulesoutkerberos"></a>`nftables::rules::out::kerberos`
     ### <a name="nftables--rules--out--kerberos"></a>`nftables::rules::out::kerberos`
     allows outbound access for kerberos
     ### <a name="nftablesrulesoutmysql"></a>`nftables::rules::out::mysql`
     ### <a name="nftables--rules--out--mysql"></a>`nftables::rules::out::mysql`
     manage out mysql
     ### <a name="nftablesrulesoutnfs"></a>`nftables::rules::out::nfs`
     ### <a name="nftables--rules--out--nfs"></a>`nftables::rules::out::nfs`
     manage out nfs
     ### <a name="nftablesrulesoutnfs3"></a>`nftables::rules::out::nfs3`
     ### <a name="nftables--rules--out--nfs3"></a>`nftables::rules::out::nfs3`
     manage out nfs3
     ### <a name="nftablesrulesoutopenafs_client"></a>`nftables::rules::out::openafs_client`
     ### <a name="nftables--rules--out--openafs_client"></a>`nftables::rules::out::openafs_client`
     allows outbound access for afs clients
 - afs3-fileserver
-...
     The following parameters are available in the `nftables::rules::out::openafs_client` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--out--openafs_client--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--out--openafs_client--ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
-...
     Default value: `[7000, 7002, 7003]`
     ### <a name="nftablesrulesoutospf"></a>`nftables::rules::out::ospf`
     ### <a name="nftables--rules--out--ospf"></a>`nftables::rules::out::ospf`
     manage out ospf
     ### <a name="nftablesrulesoutospf3"></a>`nftables::rules::out::ospf3`
     ### <a name="nftables--rules--out--ospf3"></a>`nftables::rules::out::ospf3`
     manage out ospf3
     ### <a name="nftablesrulesoutpop3"></a>`nftables::rules::out::pop3`
     ### <a name="nftables--rules--out--pop3"></a>`nftables::rules::out::pop3`
     allow outgoing pop3
     ### <a name="nftablesrulesoutpostgres"></a>`nftables::rules::out::postgres`
     ### <a name="nftables--rules--out--postgres"></a>`nftables::rules::out::postgres`
     manage out postgres
     ### <a name="nftablesrulesoutpuppet"></a>`nftables::rules::out::puppet`
     ### <a name="nftables--rules--out--puppet"></a>`nftables::rules::out::puppet`
     manage outgoing puppet
-...
     The following parameters are available in the `nftables::rules::out::puppet` class:
     * [`puppetserver`](#puppetserver)
     * [`puppetserver_port`](#puppetserver_port)
     * [`puppetserver`](#-nftables--rules--out--puppet--puppetserver)
     * [`puppetserver_port`](#-nftables--rules--out--puppet--puppetserver_port)
     ##### <a name="puppetserver"></a>`puppetserver`
     ##### <a name="-nftables--rules--out--puppet--puppetserver"></a>`puppetserver`
     Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`
     puppetserver hostname
     ##### <a name="puppetserver_port"></a>`puppetserver_port`
     ##### <a name="-nftables--rules--out--puppet--puppetserver_port"></a>`puppetserver_port`
     Data type: `Stdlib::Port`
-...
     Default value: `8140`
     ### <a name="nftablesrulesoutpxp_agent"></a>`nftables::rules::out::pxp_agent`
     ### <a name="nftables--rules--out--pxp_agent"></a>`nftables::rules::out::pxp_agent`
     manage outgoing pxp-agent
-...
     The following parameters are available in the `nftables::rules::out::pxp_agent` class:
     * [`broker`](#broker)
     * [`broker_port`](#broker_port)
     * [`broker`](#-nftables--rules--out--pxp_agent--broker)
     * [`broker_port`](#-nftables--rules--out--pxp_agent--broker_port)
     ##### <a name="broker"></a>`broker`
     ##### <a name="-nftables--rules--out--pxp_agent--broker"></a>`broker`
     Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`
     PXP broker IP(s)
     ##### <a name="broker_port"></a>`broker_port`
     ##### <a name="-nftables--rules--out--pxp_agent--broker_port"></a>`broker_port`
     Data type: `Stdlib::Port`
-...
     Default value: `8142`
     ### <a name="nftablesrulesoutsmtp"></a>`nftables::rules::out::smtp`
     ### <a name="nftables--rules--out--smtp"></a>`nftables::rules::out::smtp`
     allow outgoing smtp
     ### <a name="nftablesrulesoutsmtp_client"></a>`nftables::rules::out::smtp_client`
     ### <a name="nftables--rules--out--smtp_client"></a>`nftables::rules::out::smtp_client`
     allow outgoing smtp client
     ### <a name="nftablesrulesoutssh"></a>`nftables::rules::out::ssh`
     ### <a name="nftables--rules--out--ssh"></a>`nftables::rules::out::ssh`
     manage out ssh
     ### <a name="nftablesrulesoutsshremove"></a>`nftables::rules::out::ssh::remove`
     ### <a name="nftables--rules--out--ssh--remove"></a>`nftables::rules::out::ssh::remove`
     disable outgoing ssh
     ### <a name="nftablesrulesouttor"></a>`nftables::rules::out::tor`
     ### <a name="nftables--rules--out--tor"></a>`nftables::rules::out::tor`
     manage out tor
     ### <a name="nftablesrulesoutwhois"></a>`nftables::rules::out::whois`
     ### <a name="nftables--rules--out--whois"></a>`nftables::rules::out::whois`
     allow clients to query remote whois server
     ### <a name="nftablesrulesoutwireguard"></a>`nftables::rules::out::wireguard`
     ### <a name="nftables--rules--out--wireguard"></a>`nftables::rules::out::wireguard`
     manage out wireguard
-...
     The following parameters are available in the `nftables::rules::out::wireguard` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--out--wireguard--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--out--wireguard--ports"></a>`ports`
     Data type: `Array[Integer,1]`
-...
     Default value: `[51820]`
     ### <a name="nftablesrulespuppet"></a>`nftables::rules::puppet`
     ### <a name="nftables--rules--puppet"></a>`nftables::rules::puppet`
     manage in puppet
-...
     The following parameters are available in the `nftables::rules::puppet` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--puppet--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--puppet--ports"></a>`ports`
     Data type: `Array[Integer,1]`
-...
     Default value: `[8140]`
     ### <a name="nftablesrulespxp_agent"></a>`nftables::rules::pxp_agent`
     ### <a name="nftables--rules--pxp_agent"></a>`nftables::rules::pxp_agent`
     manage in pxp-agent
-...
     The following parameters are available in the `nftables::rules::pxp_agent` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--pxp_agent--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--pxp_agent--ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
-...
     Default value: `[8142]`
     ### <a name="nftablesrulesqemu"></a>`nftables::rules::qemu`
     ### <a name="nftables--rules--qemu"></a>`nftables::rules::qemu`
     This class configures the typical firewall setup that libvirt
     creates. Depending on your requirements you can switch on and off
-...
     The following parameters are available in the `nftables::rules::qemu` class:
     * [`interface`](#interface)
     * [`network_v4`](#network_v4)
     * [`network_v6`](#network_v6)
     * [`dns`](#dns)
     * [`dhcpv4`](#dhcpv4)
     * [`forward_traffic`](#forward_traffic)
     * [`internal_traffic`](#internal_traffic)
     * [`masquerade`](#masquerade)
     * [`interface`](#-nftables--rules--qemu--interface)
     * [`network_v4`](#-nftables--rules--qemu--network_v4)
     * [`network_v6`](#-nftables--rules--qemu--network_v6)
     * [`dns`](#-nftables--rules--qemu--dns)
     * [`dhcpv4`](#-nftables--rules--qemu--dhcpv4)
     * [`forward_traffic`](#-nftables--rules--qemu--forward_traffic)
     * [`internal_traffic`](#-nftables--rules--qemu--internal_traffic)
     * [`masquerade`](#-nftables--rules--qemu--masquerade)
     ##### <a name="interface"></a>`interface`
     ##### <a name="-nftables--rules--qemu--interface"></a>`interface`
     Data type: `String[1]`
-...
     Default value: `'virbr0'`
     ##### <a name="network_v4"></a>`network_v4`
     ##### <a name="-nftables--rules--qemu--network_v4"></a>`network_v4`
     Data type: `Stdlib::IP::Address::V4::CIDR`
-...
     Default value: `'192.168.122.0/24'`
     ##### <a name="network_v6"></a>`network_v6`
     ##### <a name="-nftables--rules--qemu--network_v6"></a>`network_v6`
     Data type: `Optional[Stdlib::IP::Address::V6::CIDR]`
     The IPv6 network prefix used in the virtual network.
     Default value: ``undef``
     Default value: `undef`
     ##### <a name="dns"></a>`dns`
     ##### <a name="-nftables--rules--qemu--dns"></a>`dns`
     Data type: `Boolean`
     Allow DNS traffic from the guests to the host.
     Default value: ``true``
     Default value: `true`
     ##### <a name="dhcpv4"></a>`dhcpv4`
     ##### <a name="-nftables--rules--qemu--dhcpv4"></a>`dhcpv4`
     Data type: `Boolean`
     Allow DHCPv4 traffic from the guests to the host.
     Default value: ``true``
     Default value: `true`
     ##### <a name="forward_traffic"></a>`forward_traffic`
     ##### <a name="-nftables--rules--qemu--forward_traffic"></a>`forward_traffic`
     Data type: `Boolean`
     Allow forwarded traffic (out all, in related/established)
     generated by the virtual network.
     Default value: ``true``
     Default value: `true`
     ##### <a name="internal_traffic"></a>`internal_traffic`
     ##### <a name="-nftables--rules--qemu--internal_traffic"></a>`internal_traffic`
     Data type: `Boolean`
     Allow guests in the virtual network to talk to each other.
     Default value: ``true``
     Default value: `true`
     ##### <a name="masquerade"></a>`masquerade`
     ##### <a name="-nftables--rules--qemu--masquerade"></a>`masquerade`
     Data type: `Boolean`
     Do NAT masquerade on all IPv4 traffic generated by guests
     to external networks.
     Default value: ``true``
     Default value: `true`
     ### <a name="nftablesrulessamba"></a>`nftables::rules::samba`
     ### <a name="nftables--rules--samba"></a>`nftables::rules::samba`
     manage Samba, the suite to allow Windows file sharing on Linux resources.
-...
     The following parameters are available in the `nftables::rules::samba` class:
     * [`ctdb`](#ctdb)
     * [`ctdb`](#-nftables--rules--samba--ctdb)
     ##### <a name="ctdb"></a>`ctdb`
     ##### <a name="-nftables--rules--samba--ctdb"></a>`ctdb`
     Data type: `Boolean`
     Enable ctdb-driven clustered Samba setups.
     Default value: ``false``
     Default value: `false`
     ### <a name="nftablesrulessmtp"></a>`nftables::rules::smtp`
     ### <a name="nftables--rules--smtp"></a>`nftables::rules::smtp`
     manage in smtp
     ### <a name="nftablesrulessmtp_submission"></a>`nftables::rules::smtp_submission`
     ### <a name="nftables--rules--smtp_submission"></a>`nftables::rules::smtp_submission`
     manage in smtp submission
     ### <a name="nftablesrulessmtps"></a>`nftables::rules::smtps`
     ### <a name="nftables--rules--smtps"></a>`nftables::rules::smtps`
     manage in smtps
     ### <a name="nftablesrulesssh"></a>`nftables::rules::ssh`
     ### <a name="nftables--rules--ssh"></a>`nftables::rules::ssh`
     manage in ssh
-...
     The following parameters are available in the `nftables::rules::ssh` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--ssh--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--ssh--ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
-...
     Default value: `[22]`
     ### <a name="nftablesrulestor"></a>`nftables::rules::tor`
     ### <a name="nftables--rules--tor"></a>`nftables::rules::tor`
     manage in tor
-...
     The following parameters are available in the `nftables::rules::tor` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--tor--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--tor--ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
-...
     Default value: `[9001]`
     ### <a name="nftablesruleswireguard"></a>`nftables::rules::wireguard`
     ### <a name="nftables--rules--wireguard"></a>`nftables::rules::wireguard`
     manage in wireguard
-...
     The following parameters are available in the `nftables::rules::wireguard` class:
     * [`ports`](#ports)
     * [`ports`](#-nftables--rules--wireguard--ports)
     ##### <a name="ports"></a>`ports`
     ##### <a name="-nftables--rules--wireguard--ports"></a>`ports`
     Data type: `Array[Stdlib::Port,1]`
-...
     Default value: `[51820]`
     ### <a name="nftablesservicesdhcpv6_client"></a>`nftables::services::dhcpv6_client`
     ### <a name="nftables--services--dhcpv6_client"></a>`nftables::services::dhcpv6_client`
     Allow in and outbound traffic for DHCPv6 server
     ### <a name="nftablesservicesopenafs_client"></a>`nftables::services::openafs_client`
     ### <a name="nftables--services--openafs_client"></a>`nftables::services::openafs_client`
     Open inbound and outbound ports for an AFS client
     ## Defined types
     ### <a name="nftableschain"></a>`nftables::chain`
     ### <a name="nftables--chain"></a>`nftables::chain`
     manage a chain
-...
     The following parameters are available in the `nftables::chain` defined type:
     * [`table`](#table)
     * [`chain`](#chain)
     * [`inject`](#inject)
     * [`inject_iif`](#inject_iif)
     * [`inject_oif`](#inject_oif)
     * [`table`](#-nftables--chain--table)
     * [`chain`](#-nftables--chain--chain)
     * [`inject`](#-nftables--chain--inject)
     * [`inject_iif`](#-nftables--chain--inject_iif)
     * [`inject_oif`](#-nftables--chain--inject_oif)
     ##### <a name="table"></a>`table`
     ##### <a name="-nftables--chain--table"></a>`table`
     Data type: `Pattern[/^(ip|ip6|inet|netdev|bridge)-[a-zA-Z0-9_]+$/]`
-...
     Default value: `'inet-filter'`
     ##### <a name="chain"></a>`chain`
     ##### <a name="-nftables--chain--chain"></a>`chain`
     Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`
-...
     Default value: `$title`
     ##### <a name="inject"></a>`inject`
     ##### <a name="-nftables--chain--inject"></a>`inject`
     Data type: `Optional[Pattern[/^\d\d-[a-zA-Z0-9_]+$/]]`
     Default value: ``undef``
     Default value: `undef`
     ##### <a name="inject_iif"></a>`inject_iif`
     ##### <a name="-nftables--chain--inject_iif"></a>`inject_iif`
     Data type: `Optional[String]`
     Default value: ``undef``
     Default value: `undef`
     ##### <a name="inject_oif"></a>`inject_oif`
     ##### <a name="-nftables--chain--inject_oif"></a>`inject_oif`
     Data type: `Optional[String]`
     Default value: ``undef``
     Default value: `undef`
     ### <a name="nftablesconfig"></a>`nftables::config`
     ### <a name="nftables--config"></a>`nftables::config`
     manage a config snippet
-...
     The following parameters are available in the `nftables::config` defined type:
     * [`tablespec`](#tablespec)
     * [`content`](#content)
     * [`source`](#source)
     * [`prefix`](#prefix)
     * [`tablespec`](#-nftables--config--tablespec)
     * [`content`](#-nftables--config--content)
     * [`source`](#-nftables--config--source)
     * [`prefix`](#-nftables--config--prefix)
     ##### <a name="tablespec"></a>`tablespec`
     ##### <a name="-nftables--config--tablespec"></a>`tablespec`
     Data type: `Pattern[/^\w+-\w+$/]`
-...
     Default value: `$title`
     ##### <a name="content"></a>`content`
     ##### <a name="-nftables--config--content"></a>`content`
     Data type: `Optional[String]`

... Ce différentiel a été tronqué car il excède la taille maximale pouvant être affichée.

Formats disponibles : Unified diff

Projet

Général

Profil

puppet nftables

Révision c24d3118