Révision e17693e3
New parameter out_all, default false
In order to allow all outbound traffic a parameter is
added to enable a simple `allow` entry on the out chain.
The default is false, so the change is backwards compatible.
If true, all the other outbound rules (ntp, ...) are disabled
since they are not needed.
manifests/init.pp | ||
---|---|---|
1 |
# manage nftables |
|
1 |
# @summary Configure nftables |
|
2 |
# |
|
3 |
# @example |
|
4 |
# class{'nftables: |
|
5 |
# out_ntp = false, |
|
6 |
# out_dns = true, |
|
7 |
# } |
|
8 |
# |
|
9 |
# @param out_all |
|
10 |
# Allow all outbound connections. If `true` then all other |
|
11 |
# out parameters `out_ntp`, `out_dns`, ... will be assuemed |
|
12 |
# false. |
|
13 |
# |
|
14 |
# @param out_ntp |
|
15 |
# Allow outbound to ntp servers. |
|
16 |
# |
|
17 |
# @param out_http |
|
18 |
# Allow outbound to http servers. |
|
19 |
# |
|
20 |
# @param out_https |
|
21 |
# Allow outbound to https servers. |
|
22 |
# |
|
23 |
# @param out_https |
|
24 |
# Allow outbound to https servers. |
|
25 |
# |
|
26 |
# @param in_ssh |
|
27 |
# Allow inbound to ssh servers. |
|
28 |
# |
|
2 | 29 |
class nftables ( |
3 | 30 |
Boolean $in_ssh = true, |
4 | 31 |
Boolean $out_ntp = true, |
5 | 32 |
Boolean $out_dns = true, |
6 | 33 |
Boolean $out_http = true, |
7 | 34 |
Boolean $out_https = true, |
35 |
Boolean $out_all = false, |
|
8 | 36 |
) { |
9 | 37 |
|
10 | 38 |
package{'nftables': |
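Review bot: The new doc header documents `@param out_https` twice and never documents `out_dns`, so the second entry was presumably meant to be `# @param out_dns` followed by `#   Allow outbound to dns servers.`. The `@example` is also not valid Puppet: the class title is missing its closing quote and the attributes use `=` rather than `=>`, so it should read along the lines of `class { 'nftables': out_ntp => false, out_dns => true }`, and `assuemed` should be `assumed`. Going by the commit description, `out_all => true` places a plain allow on the out chain, so the `out_all` text should state the consequence directly, for example `#   Allow all outbound connections; this turns off egress filtering on the out chain.` The class body continues outside this section, so the logic that switches off the individual out rules is not visible here and should be checked against the doc text.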