root / REFERENCE.md @ e17693e3
Historique | Voir | Annoter | Télécharger (10,9 ko)
| 1 | e17693e3 | Steve Traylen | # Reference |
|---|---|---|---|
| 2 | |||
| 3 | <!-- DO NOT EDIT: This document was generated by Puppet Strings --> |
||
| 4 | |||
| 5 | ## Table of Contents |
||
| 6 | |||
| 7 | ### Classes |
||
| 8 | |||
| 9 | * [`nftables`](#nftables): Configure nftables |
||
| 10 | * [`nftables::inet_filter`](#nftablesinet_filter): manage basic chains in table inet filter |
||
| 11 | * [`nftables::ip_nat`](#nftablesip_nat): manage basic chains in table ip nat |
||
| 12 | * [`nftables::rules::http`](#nftablesruleshttp): manage in http |
||
| 13 | * [`nftables::rules::https`](#nftablesruleshttps): manage in https |
||
| 14 | * [`nftables::rules::icinga2`](#nftablesrulesicinga2): manage in icinga2 |
||
| 15 | * [`nftables::rules::ospf`](#nftablesrulesospf): manage in ospf |
||
| 16 | * [`nftables::rules::ospf3`](#nftablesrulesospf3): manage in ospf3 |
||
| 17 | * [`nftables::rules::out::all`](#nftablesrulesoutall): allow all outbound |
||
| 18 | * [`nftables::rules::out::chrony`](#nftablesrulesoutchrony): manage out chrony |
||
| 19 | * [`nftables::rules::out::dhcp`](#nftablesrulesoutdhcp): manage out dhcp |
||
| 20 | * [`nftables::rules::out::dns`](#nftablesrulesoutdns): manage out dns |
||
| 21 | * [`nftables::rules::out::http`](#nftablesrulesouthttp): manage out http |
||
| 22 | * [`nftables::rules::out::https`](#nftablesrulesouthttps): manage out https |
||
| 23 | * [`nftables::rules::out::mysql`](#nftablesrulesoutmysql): manage out mysql |
||
| 24 | * [`nftables::rules::out::ospf`](#nftablesrulesoutospf): manage out ospf |
||
| 25 | * [`nftables::rules::out::ospf3`](#nftablesrulesoutospf3): manage out ospf3 |
||
| 26 | * [`nftables::rules::out::postgres`](#nftablesrulesoutpostgres): manage out postgres |
||
| 27 | * [`nftables::rules::out::puppet`](#nftablesrulesoutpuppet): manage outgoing puppet |
||
| 28 | * [`nftables::rules::out::smtp`](#nftablesrulesoutsmtp): manage out smtp |
||
| 29 | * [`nftables::rules::out::ssh`](#nftablesrulesoutssh): manage out ssh |
||
| 30 | * [`nftables::rules::out::ssh::remove`](#nftablesrulesoutsshremove): disable outgoing ssh |
||
| 31 | * [`nftables::rules::out::tor`](#nftablesrulesouttor): manage out tor |
||
| 32 | * [`nftables::rules::out::wireguard`](#nftablesrulesoutwireguard): manage out wireguard |
||
| 33 | * [`nftables::rules::puppet`](#nftablesrulespuppet): manage in puppet |
||
| 34 | * [`nftables::rules::smtp`](#nftablesrulessmtp): manage in smtp |
||
| 35 | * [`nftables::rules::smtp_submission`](#nftablesrulessmtp_submission): manage in smtp submission |
||
| 36 | * [`nftables::rules::smtps`](#nftablesrulessmtps): manage in smtps |
||
| 37 | * [`nftables::rules::ssh`](#nftablesrulesssh): manage in ssh |
||
| 38 | * [`nftables::rules::tor`](#nftablesrulestor): manage in tor |
||
| 39 | * [`nftables::rules::wireguard`](#nftablesruleswireguard): manage in wireguard |
||
| 40 | |||
| 41 | ### Defined types |
||
| 42 | |||
| 43 | * [`nftables::chain`](#nftableschain): manage a chain |
||
| 44 | * [`nftables::config`](#nftablesconfig): manage a config snippet |
||
| 45 | * [`nftables::rule`](#nftablesrule): manage a chain rule Name should be: CHAIN_NAME-rulename |
||
| 46 | * [`nftables::rules::dnat4`](#nftablesrulesdnat4): manage a ipv4 dnat rule |
||
| 47 | * [`nftables::rules::masquerade`](#nftablesrulesmasquerade): masquerade all outgoing traffic |
||
| 48 | * [`nftables::rules::snat4`](#nftablesrulessnat4): manage a ipv4 snat rule |
||
| 49 | |||
| 50 | ## Classes |
||
| 51 | |||
| 52 | ### `nftables` |
||
| 53 | |||
| 54 | Configure nftables |
||
| 55 | |||
| 56 | #### Examples |
||
| 57 | |||
| 58 | ##### |
||
| 59 | |||
| 60 | ```puppet |
||
| 61 | class{'nftables:
|
||
| 62 | out_ntp = false, |
||
| 63 | out_dns = true, |
||
| 64 | } |
||
| 65 | ``` |
||
| 66 | |||
| 67 | #### Parameters |
||
| 68 | |||
| 69 | The following parameters are available in the `nftables` class. |
||
| 70 | |||
| 71 | ##### `out_all` |
||
| 72 | |||
| 73 | Data type: `Boolean` |
||
| 74 | |||
| 75 | Allow all outbound connections. If `true` then all other |
||
| 76 | out parameters `out_ntp`, `out_dns`, ... will be assuemed |
||
| 77 | false. |
||
| 78 | |||
| 79 | Default value: ``false`` |
||
| 80 | |||
| 81 | ##### `out_ntp` |
||
| 82 | |||
| 83 | Data type: `Boolean` |
||
| 84 | |||
| 85 | Allow outbound to ntp servers. |
||
| 86 | |||
| 87 | Default value: ``true`` |
||
| 88 | |||
| 89 | ##### `out_http` |
||
| 90 | |||
| 91 | Data type: `Boolean` |
||
| 92 | |||
| 93 | Allow outbound to http servers. |
||
| 94 | |||
| 95 | Default value: ``true`` |
||
| 96 | |||
| 97 | ##### `out_https` |
||
| 98 | |||
| 99 | Data type: `Boolean` |
||
| 100 | |||
| 101 | Allow outbound to https servers. |
||
| 102 | |||
| 103 | Default value: ``true`` |
||
| 104 | |||
| 105 | ##### `out_https` |
||
| 106 | |||
| 107 | Allow outbound to https servers. |
||
| 108 | |||
| 109 | Default value: ``true`` |
||
| 110 | |||
| 111 | ##### `in_ssh` |
||
| 112 | |||
| 113 | Data type: `Boolean` |
||
| 114 | |||
| 115 | Allow inbound to ssh servers. |
||
| 116 | |||
| 117 | Default value: ``true`` |
||
| 118 | |||
| 119 | ##### `out_dns` |
||
| 120 | |||
| 121 | Data type: `Boolean` |
||
| 122 | |||
| 123 | |||
| 124 | |||
| 125 | Default value: ``true`` |
||
| 126 | |||
| 127 | ### `nftables::inet_filter` |
||
| 128 | |||
| 129 | manage basic chains in table inet filter |
||
| 130 | |||
| 131 | ### `nftables::ip_nat` |
||
| 132 | |||
| 133 | manage basic chains in table ip nat |
||
| 134 | |||
| 135 | ### `nftables::rules::http` |
||
| 136 | |||
| 137 | manage in http |
||
| 138 | |||
| 139 | ### `nftables::rules::https` |
||
| 140 | |||
| 141 | manage in https |
||
| 142 | |||
| 143 | ### `nftables::rules::icinga2` |
||
| 144 | |||
| 145 | manage in icinga2 |
||
| 146 | |||
| 147 | #### Parameters |
||
| 148 | |||
| 149 | The following parameters are available in the `nftables::rules::icinga2` class. |
||
| 150 | |||
| 151 | ##### `ports` |
||
| 152 | |||
| 153 | Data type: `Array[Integer,1]` |
||
| 154 | |||
| 155 | |||
| 156 | |||
| 157 | Default value: `[5665]` |
||
| 158 | |||
| 159 | ### `nftables::rules::ospf` |
||
| 160 | |||
| 161 | manage in ospf |
||
| 162 | |||
| 163 | ### `nftables::rules::ospf3` |
||
| 164 | |||
| 165 | manage in ospf3 |
||
| 166 | |||
| 167 | ### `nftables::rules::out::all` |
||
| 168 | |||
| 169 | allow all outbound |
||
| 170 | |||
| 171 | ### `nftables::rules::out::chrony` |
||
| 172 | |||
| 173 | manage out chrony |
||
| 174 | |||
| 175 | ### `nftables::rules::out::dhcp` |
||
| 176 | |||
| 177 | manage out dhcp |
||
| 178 | |||
| 179 | ### `nftables::rules::out::dns` |
||
| 180 | |||
| 181 | manage out dns |
||
| 182 | |||
| 183 | #### Parameters |
||
| 184 | |||
| 185 | The following parameters are available in the `nftables::rules::out::dns` class. |
||
| 186 | |||
| 187 | ##### `dns_server` |
||
| 188 | |||
| 189 | Data type: `Optional[Variant[String,Array[String,1]]]` |
||
| 190 | |||
| 191 | |||
| 192 | |||
| 193 | Default value: ``undef`` |
||
| 194 | |||
| 195 | ### `nftables::rules::out::http` |
||
| 196 | |||
| 197 | manage out http |
||
| 198 | |||
| 199 | ### `nftables::rules::out::https` |
||
| 200 | |||
| 201 | manage out https |
||
| 202 | |||
| 203 | ### `nftables::rules::out::mysql` |
||
| 204 | |||
| 205 | manage out mysql |
||
| 206 | |||
| 207 | ### `nftables::rules::out::ospf` |
||
| 208 | |||
| 209 | manage out ospf |
||
| 210 | |||
| 211 | ### `nftables::rules::out::ospf3` |
||
| 212 | |||
| 213 | manage out ospf3 |
||
| 214 | |||
| 215 | ### `nftables::rules::out::postgres` |
||
| 216 | |||
| 217 | manage out postgres |
||
| 218 | |||
| 219 | ### `nftables::rules::out::puppet` |
||
| 220 | |||
| 221 | manage outgoing puppet |
||
| 222 | |||
| 223 | #### Parameters |
||
| 224 | |||
| 225 | The following parameters are available in the `nftables::rules::out::puppet` class. |
||
| 226 | |||
| 227 | ##### `puppetmaster` |
||
| 228 | |||
| 229 | Data type: `Variant[String,Array[String,1]]` |
||
| 230 | |||
| 231 | |||
| 232 | |||
| 233 | ##### `puppetserver_port` |
||
| 234 | |||
| 235 | Data type: `Integer` |
||
| 236 | |||
| 237 | |||
| 238 | |||
| 239 | Default value: `8140` |
||
| 240 | |||
| 241 | ### `nftables::rules::out::smtp` |
||
| 242 | |||
| 243 | manage out smtp |
||
| 244 | |||
| 245 | ### `nftables::rules::out::ssh` |
||
| 246 | |||
| 247 | manage out ssh |
||
| 248 | |||
| 249 | ### `nftables::rules::out::ssh::remove` |
||
| 250 | |||
| 251 | disable outgoing ssh |
||
| 252 | |||
| 253 | ### `nftables::rules::out::tor` |
||
| 254 | |||
| 255 | manage out tor |
||
| 256 | |||
| 257 | ### `nftables::rules::out::wireguard` |
||
| 258 | |||
| 259 | manage out wireguard |
||
| 260 | |||
| 261 | #### Parameters |
||
| 262 | |||
| 263 | The following parameters are available in the `nftables::rules::out::wireguard` class. |
||
| 264 | |||
| 265 | ##### `ports` |
||
| 266 | |||
| 267 | Data type: `Array[Integer,1]` |
||
| 268 | |||
| 269 | |||
| 270 | |||
| 271 | Default value: `[51820]` |
||
| 272 | |||
| 273 | ### `nftables::rules::puppet` |
||
| 274 | |||
| 275 | manage in puppet |
||
| 276 | |||
| 277 | #### Parameters |
||
| 278 | |||
| 279 | The following parameters are available in the `nftables::rules::puppet` class. |
||
| 280 | |||
| 281 | ##### `ports` |
||
| 282 | |||
| 283 | Data type: `Array[Integer,1]` |
||
| 284 | |||
| 285 | |||
| 286 | |||
| 287 | Default value: `[8140]` |
||
| 288 | |||
| 289 | ### `nftables::rules::smtp` |
||
| 290 | |||
| 291 | manage in smtp |
||
| 292 | |||
| 293 | ### `nftables::rules::smtp_submission` |
||
| 294 | |||
| 295 | manage in smtp submission |
||
| 296 | |||
| 297 | ### `nftables::rules::smtps` |
||
| 298 | |||
| 299 | manage in smtps |
||
| 300 | |||
| 301 | ### `nftables::rules::ssh` |
||
| 302 | |||
| 303 | manage in ssh |
||
| 304 | |||
| 305 | #### Parameters |
||
| 306 | |||
| 307 | The following parameters are available in the `nftables::rules::ssh` class. |
||
| 308 | |||
| 309 | ##### `ports` |
||
| 310 | |||
| 311 | Data type: `Array[Integer,1]` |
||
| 312 | |||
| 313 | |||
| 314 | |||
| 315 | Default value: `[22]` |
||
| 316 | |||
| 317 | ### `nftables::rules::tor` |
||
| 318 | |||
| 319 | manage in tor |
||
| 320 | |||
| 321 | #### Parameters |
||
| 322 | |||
| 323 | The following parameters are available in the `nftables::rules::tor` class. |
||
| 324 | |||
| 325 | ##### `ports` |
||
| 326 | |||
| 327 | Data type: `Array[Integer,1]` |
||
| 328 | |||
| 329 | |||
| 330 | |||
| 331 | Default value: `[9001]` |
||
| 332 | |||
| 333 | ### `nftables::rules::wireguard` |
||
| 334 | |||
| 335 | manage in wireguard |
||
| 336 | |||
| 337 | #### Parameters |
||
| 338 | |||
| 339 | The following parameters are available in the `nftables::rules::wireguard` class. |
||
| 340 | |||
| 341 | ##### `ports` |
||
| 342 | |||
| 343 | Data type: `Array[Integer,1]` |
||
| 344 | |||
| 345 | |||
| 346 | |||
| 347 | Default value: `[51820]` |
||
| 348 | |||
| 349 | ## Defined types |
||
| 350 | |||
| 351 | ### `nftables::chain` |
||
| 352 | |||
| 353 | manage a chain |
||
| 354 | |||
| 355 | #### Parameters |
||
| 356 | |||
| 357 | The following parameters are available in the `nftables::chain` defined type. |
||
| 358 | |||
| 359 | ##### `table` |
||
| 360 | |||
| 361 | Data type: `Pattern[/^(ip|ip6|inet)-[a-zA-Z0-9_]+$/]` |
||
| 362 | |||
| 363 | |||
| 364 | |||
| 365 | Default value: `'inet-filter'` |
||
| 366 | |||
| 367 | ##### `chain` |
||
| 368 | |||
| 369 | Data type: `Pattern[/^[a-zA-Z0-9_]+$/]` |
||
| 370 | |||
| 371 | |||
| 372 | |||
| 373 | Default value: `$title` |
||
| 374 | |||
| 375 | ##### `inject` |
||
| 376 | |||
| 377 | Data type: `Optional[Pattern[/^\d\d-[a-zA-Z0-9_]+$/]]` |
||
| 378 | |||
| 379 | |||
| 380 | |||
| 381 | Default value: ``undef`` |
||
| 382 | |||
| 383 | ##### `inject_iif` |
||
| 384 | |||
| 385 | Data type: `Optional[String]` |
||
| 386 | |||
| 387 | |||
| 388 | |||
| 389 | Default value: ``undef`` |
||
| 390 | |||
| 391 | ##### `inject_oif` |
||
| 392 | |||
| 393 | Data type: `Optional[String]` |
||
| 394 | |||
| 395 | |||
| 396 | |||
| 397 | Default value: ``undef`` |
||
| 398 | |||
| 399 | ### `nftables::config` |
||
| 400 | |||
| 401 | manage a config snippet |
||
| 402 | |||
| 403 | #### Parameters |
||
| 404 | |||
| 405 | The following parameters are available in the `nftables::config` defined type. |
||
| 406 | |||
| 407 | ##### `content` |
||
| 408 | |||
| 409 | Data type: `Optional[String]` |
||
| 410 | |||
| 411 | |||
| 412 | |||
| 413 | Default value: ``undef`` |
||
| 414 | |||
| 415 | ##### `source` |
||
| 416 | |||
| 417 | Data type: `Optional[Variant[String,Array[String,1]]]` |
||
| 418 | |||
| 419 | |||
| 420 | |||
| 421 | Default value: ``undef`` |
||
| 422 | |||
| 423 | ### `nftables::rule` |
||
| 424 | |||
| 425 | manage a chain rule |
||
| 426 | Name should be: |
||
| 427 | CHAIN_NAME-rulename |
||
| 428 | |||
| 429 | #### Parameters |
||
| 430 | |||
| 431 | The following parameters are available in the `nftables::rule` defined type. |
||
| 432 | |||
| 433 | ##### `ensure` |
||
| 434 | |||
| 435 | Data type: `Enum['present','absent']` |
||
| 436 | |||
| 437 | |||
| 438 | |||
| 439 | Default value: `'present'` |
||
| 440 | |||
| 441 | ##### `rulename` |
||
| 442 | |||
| 443 | Data type: `Pattern[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]` |
||
| 444 | |||
| 445 | |||
| 446 | |||
| 447 | Default value: `$title` |
||
| 448 | |||
| 449 | ##### `order` |
||
| 450 | |||
| 451 | Data type: `Pattern[/^\d\d$/]` |
||
| 452 | |||
| 453 | |||
| 454 | |||
| 455 | Default value: `'50'` |
||
| 456 | |||
| 457 | ##### `table` |
||
| 458 | |||
| 459 | Data type: `Optional[String]` |
||
| 460 | |||
| 461 | |||
| 462 | |||
| 463 | Default value: `'inet-filter'` |
||
| 464 | |||
| 465 | ##### `content` |
||
| 466 | |||
| 467 | Data type: `Optional[String]` |
||
| 468 | |||
| 469 | |||
| 470 | |||
| 471 | Default value: ``undef`` |
||
| 472 | |||
| 473 | ##### `source` |
||
| 474 | |||
| 475 | Data type: `Optional[Variant[String,Array[String,1]]]` |
||
| 476 | |||
| 477 | |||
| 478 | |||
| 479 | Default value: ``undef`` |
||
| 480 | |||
| 481 | ### `nftables::rules::dnat4` |
||
| 482 | |||
| 483 | manage a ipv4 dnat rule |
||
| 484 | |||
| 485 | #### Parameters |
||
| 486 | |||
| 487 | The following parameters are available in the `nftables::rules::dnat4` defined type. |
||
| 488 | |||
| 489 | ##### `daddr` |
||
| 490 | |||
| 491 | Data type: `Pattern[/^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/]`
|
||
| 492 | |||
| 493 | |||
| 494 | |||
| 495 | ##### `port` |
||
| 496 | |||
| 497 | Data type: `Variant[String,Integer[1,65535]]` |
||
| 498 | |||
| 499 | |||
| 500 | |||
| 501 | ##### `rulename` |
||
| 502 | |||
| 503 | Data type: `Pattern[/^[a-zA-Z0-9_]+$/]` |
||
| 504 | |||
| 505 | |||
| 506 | |||
| 507 | Default value: `$title` |
||
| 508 | |||
| 509 | ##### `order` |
||
| 510 | |||
| 511 | Data type: `Pattern[/^\d\d$/]` |
||
| 512 | |||
| 513 | |||
| 514 | |||
| 515 | Default value: `'50'` |
||
| 516 | |||
| 517 | ##### `chain` |
||
| 518 | |||
| 519 | Data type: `String[1]` |
||
| 520 | |||
| 521 | |||
| 522 | |||
| 523 | Default value: `'default_fwd'` |
||
| 524 | |||
| 525 | ##### `iif` |
||
| 526 | |||
| 527 | Data type: `Optional[String[1]]` |
||
| 528 | |||
| 529 | |||
| 530 | |||
| 531 | Default value: ``undef`` |
||
| 532 | |||
| 533 | ##### `proto` |
||
| 534 | |||
| 535 | Data type: `Enum['tcp','udp']` |
||
| 536 | |||
| 537 | |||
| 538 | |||
| 539 | Default value: `'tcp'` |
||
| 540 | |||
| 541 | ##### `dport` |
||
| 542 | |||
| 543 | Data type: `Optional[Variant[String,Integer[1,65535]]]` |
||
| 544 | |||
| 545 | |||
| 546 | |||
| 547 | Default value: `''` |
||
| 548 | |||
| 549 | ##### `ensure` |
||
| 550 | |||
| 551 | Data type: `Enum['present','absent']` |
||
| 552 | |||
| 553 | |||
| 554 | |||
| 555 | Default value: `'present'` |
||
| 556 | |||
| 557 | ### `nftables::rules::masquerade` |
||
| 558 | |||
| 559 | masquerade all outgoing traffic |
||
| 560 | |||
| 561 | #### Parameters |
||
| 562 | |||
| 563 | The following parameters are available in the `nftables::rules::masquerade` defined type. |
||
| 564 | |||
| 565 | ##### `rulename` |
||
| 566 | |||
| 567 | Data type: `Pattern[/^[a-zA-Z0-9_]+$/]` |
||
| 568 | |||
| 569 | |||
| 570 | |||
| 571 | Default value: `$title` |
||
| 572 | |||
| 573 | ##### `order` |
||
| 574 | |||
| 575 | Data type: `Pattern[/^\d\d$/]` |
||
| 576 | |||
| 577 | |||
| 578 | |||
| 579 | Default value: `'70'` |
||
| 580 | |||
| 581 | ##### `chain` |
||
| 582 | |||
| 583 | Data type: `String[1]` |
||
| 584 | |||
| 585 | |||
| 586 | |||
| 587 | Default value: `'POSTROUTING'` |
||
| 588 | |||
| 589 | ##### `oif` |
||
| 590 | |||
| 591 | Data type: `Optional[String[1]]` |
||
| 592 | |||
| 593 | |||
| 594 | |||
| 595 | Default value: ``undef`` |
||
| 596 | |||
| 597 | ##### `saddr` |
||
| 598 | |||
| 599 | Data type: `Optional[String[1]]` |
||
| 600 | |||
| 601 | |||
| 602 | |||
| 603 | Default value: ``undef`` |
||
| 604 | |||
| 605 | ##### `daddr` |
||
| 606 | |||
| 607 | Data type: `Optional[String[1]]` |
||
| 608 | |||
| 609 | |||
| 610 | |||
| 611 | Default value: ``undef`` |
||
| 612 | |||
| 613 | ##### `proto` |
||
| 614 | |||
| 615 | Data type: `Optional[Enum['tcp','udp']]` |
||
| 616 | |||
| 617 | |||
| 618 | |||
| 619 | Default value: ``undef`` |
||
| 620 | |||
| 621 | ##### `dport` |
||
| 622 | |||
| 623 | Data type: `Optional[Variant[String,Integer[1,65535]]]` |
||
| 624 | |||
| 625 | |||
| 626 | |||
| 627 | Default value: ``undef`` |
||
| 628 | |||
| 629 | ##### `ensure` |
||
| 630 | |||
| 631 | Data type: `Enum['present','absent']` |
||
| 632 | |||
| 633 | |||
| 634 | |||
| 635 | Default value: `'present'` |
||
| 636 | |||
| 637 | ### `nftables::rules::snat4` |
||
| 638 | |||
| 639 | manage a ipv4 snat rule |
||
| 640 | |||
| 641 | #### Parameters |
||
| 642 | |||
| 643 | The following parameters are available in the `nftables::rules::snat4` defined type. |
||
| 644 | |||
| 645 | ##### `snat` |
||
| 646 | |||
| 647 | Data type: `String[1]` |
||
| 648 | |||
| 649 | |||
| 650 | |||
| 651 | ##### `rulename` |
||
| 652 | |||
| 653 | Data type: `Pattern[/^[a-zA-Z0-9_]+$/]` |
||
| 654 | |||
| 655 | |||
| 656 | |||
| 657 | Default value: `$title` |
||
| 658 | |||
| 659 | ##### `order` |
||
| 660 | |||
| 661 | Data type: `Pattern[/^\d\d$/]` |
||
| 662 | |||
| 663 | |||
| 664 | |||
| 665 | Default value: `'70'` |
||
| 666 | |||
| 667 | ##### `chain` |
||
| 668 | |||
| 669 | Data type: `String[1]` |
||
| 670 | |||
| 671 | |||
| 672 | |||
| 673 | Default value: `'POSTROUTING'` |
||
| 674 | |||
| 675 | ##### `oif` |
||
| 676 | |||
| 677 | Data type: `Optional[String[1]]` |
||
| 678 | |||
| 679 | |||
| 680 | |||
| 681 | Default value: ``undef`` |
||
| 682 | |||
| 683 | ##### `saddr` |
||
| 684 | |||
| 685 | Data type: `Optional[String[1]]` |
||
| 686 | |||
| 687 | |||
| 688 | |||
| 689 | Default value: ``undef`` |
||
| 690 | |||
| 691 | ##### `proto` |
||
| 692 | |||
| 693 | Data type: `Optional[Enum['tcp','udp']]` |
||
| 694 | |||
| 695 | |||
| 696 | |||
| 697 | Default value: ``undef`` |
||
| 698 | |||
| 699 | ##### `dport` |
||
| 700 | |||
| 701 | Data type: `Optional[Variant[String,Integer[1,65535]]]` |
||
| 702 | |||
| 703 | |||
| 704 | |||
| 705 | Default value: ``undef`` |
||
| 706 | |||
| 707 | ##### `ensure` |
||
| 708 | |||
| 709 | Data type: `Enum['present','absent']` |
||
| 710 | |||
| 711 | |||
| 712 | |||
| 713 | Default value: `'present'` |