/REFERENCE.md - Diff - puppet nftables - Koumbit's Redmine

Révision cd2a3cbf

ID	cd2a3cbf5e6d9c17b8e9a92097d0e33cf769791f
Parent	18b211e7
Enfant	3f2f50c9

Ajouté par Nacho Barrientos il y a environ 4 ans

Add rules for QEMU/libvirt guests

     * [`nftables::rules::out::tor`](#nftablesrulesouttor): manage out tor
     * [`nftables::rules::out::wireguard`](#nftablesrulesoutwireguard): manage out wireguard
     * [`nftables::rules::puppet`](#nftablesrulespuppet): manage in puppet
     * [`nftables::rules::qemu`](#nftablesrulesqemu): Bridged network configuration for qemu/libvirt
     * [`nftables::rules::samba`](#nftablesrulessamba): manage Samba, the suite to allow Windows file sharing on Linux resources.
     * [`nftables::rules::smtp`](#nftablesrulessmtp): manage in smtp
     * [`nftables::rules::smtp_submission`](#nftablesrulessmtp_submission): manage in smtp submission
-...
     Default value: `[8140]`
     ### <a name="nftablesrulesqemu"></a>`nftables::rules::qemu`
     This class configures the typical firewall setup that libvirt
     creates. Depending on your requirements you can switch on and off
     several aspects, for instance if you don't do DHCP to your guests
     you can disable the rules that accept DHCP traffic on the host or if
     you don't want your guests to talk to hosts outside you can disable
     forwarding and/or masquerading for IPv4 traffic.
     #### Parameters
     The following parameters are available in the `nftables::rules::qemu` class:
     * [`interface`](#interface)
     * [`network_v4`](#network_v4)
     * [`network_v6`](#network_v6)
     * [`dns`](#dns)
     * [`dhcpv4`](#dhcpv4)
     * [`forward_traffic`](#forward_traffic)
     * [`internal_traffic`](#internal_traffic)
     * [`masquerade`](#masquerade)
     ##### <a name="interface"></a>`interface`
     Data type: `String[1]`
     Interface name used by the bridge.
     Default value: `'virbr0'`
     ##### <a name="network_v4"></a>`network_v4`
     Data type: `Stdlib::IP::Address::V4::CIDR`
     The IPv4 network prefix used in the virtual network.
     Default value: `'192.168.122.0/24'`
     ##### <a name="network_v6"></a>`network_v6`
     Data type: `Optional[Stdlib::IP::Address::V6::CIDR]`
     The IPv6 network prefix used in the virtual network.
     Default value: ``undef``
     ##### <a name="dns"></a>`dns`
     Data type: `Boolean`
     Allow DNS traffic from the guests to the host.
     Default value: ``true``
     ##### <a name="dhcpv4"></a>`dhcpv4`
     Data type: `Boolean`
     Allow DHCPv4 traffic from the guests to the host.
     Default value: ``true``
     ##### <a name="forward_traffic"></a>`forward_traffic`
     Data type: `Boolean`
     Allow forwarded traffic (out all, in related/established)
     generated by the virtual network.
     Default value: ``true``
     ##### <a name="internal_traffic"></a>`internal_traffic`
     Data type: `Boolean`
     Allow guests in the virtual network to talk to each other.
     Default value: ``true``
     ##### <a name="masquerade"></a>`masquerade`
     Data type: `Boolean`
     Do NAT masquerade on all IPv4 traffic generated by guests
     to external networks.
     Default value: ``true``
     ### <a name="nftablesrulessamba"></a>`nftables::rules::samba`
     manage Samba, the suite to allow Windows file sharing on Linux resources.

Formats disponibles : Unified diff

Projet

Général

Profil

puppet nftables

Révision cd2a3cbf