puppet nftables

# Reference

<!-- DO NOT EDIT: This document was generated by Puppet Strings -->

## Table of Contents

### Classes

* [`nftables`](#nftables): Configure nftables

* [`nftables::inet_filter`](#nftablesinet_filter): manage basic chains in table inet filter

* [`nftables::ip_nat`](#nftablesip_nat): manage basic chains in table ip nat

* [`nftables::rules::http`](#nftablesruleshttp): manage in http

* [`nftables::rules::https`](#nftablesruleshttps): manage in https

* [`nftables::rules::icinga2`](#nftablesrulesicinga2): manage in icinga2

* [`nftables::rules::ospf`](#nftablesrulesospf): manage in ospf

* [`nftables::rules::ospf3`](#nftablesrulesospf3): manage in ospf3

* [`nftables::rules::out::all`](#nftablesrulesoutall): allow all outbound

* [`nftables::rules::out::chrony`](#nftablesrulesoutchrony): manage out chrony

* [`nftables::rules::out::dhcp`](#nftablesrulesoutdhcp): manage out dhcp

* [`nftables::rules::out::dns`](#nftablesrulesoutdns): manage out dns

* [`nftables::rules::out::http`](#nftablesrulesouthttp): manage out http

* [`nftables::rules::out::https`](#nftablesrulesouthttps): manage out https

* [`nftables::rules::out::mysql`](#nftablesrulesoutmysql): manage out mysql

* [`nftables::rules::out::ospf`](#nftablesrulesoutospf): manage out ospf

* [`nftables::rules::out::ospf3`](#nftablesrulesoutospf3): manage out ospf3

* [`nftables::rules::out::postgres`](#nftablesrulesoutpostgres): manage out postgres

* [`nftables::rules::out::puppet`](#nftablesrulesoutpuppet): manage outgoing puppet

* [`nftables::rules::out::smtp`](#nftablesrulesoutsmtp): manage out smtp

* [`nftables::rules::out::ssh`](#nftablesrulesoutssh): manage out ssh

* [`nftables::rules::out::ssh::remove`](#nftablesrulesoutsshremove): disable outgoing ssh

* [`nftables::rules::out::tor`](#nftablesrulesouttor): manage out tor

* [`nftables::rules::out::wireguard`](#nftablesrulesoutwireguard): manage out wireguard

* [`nftables::rules::puppet`](#nftablesrulespuppet): manage in puppet

* [`nftables::rules::smtp`](#nftablesrulessmtp): manage in smtp

* [`nftables::rules::smtp_submission`](#nftablesrulessmtp_submission): manage in smtp submission

* [`nftables::rules::smtps`](#nftablesrulessmtps): manage in smtps

* [`nftables::rules::ssh`](#nftablesrulesssh): manage in ssh

* [`nftables::rules::tor`](#nftablesrulestor): manage in tor

* [`nftables::rules::wireguard`](#nftablesruleswireguard): manage in wireguard

### Defined types

* [`nftables::chain`](#nftableschain): manage a chain

* [`nftables::config`](#nftablesconfig): manage a config snippet

* [`nftables::rule`](#nftablesrule): manage a chain rule Name should be:   CHAIN_NAME-rulename

* [`nftables::rules::dnat4`](#nftablesrulesdnat4): manage a ipv4 dnat rule

* [`nftables::rules::masquerade`](#nftablesrulesmasquerade): masquerade all outgoing traffic

* [`nftables::rules::snat4`](#nftablesrulessnat4): manage a ipv4 snat rule

## Classes

### `nftables`

Configure nftables

#### Examples

##### 

```puppet

class{'nftables:

  out_ntp = false,

  out_dns = true,

}

```

#### Parameters

The following parameters are available in the `nftables` class.

##### `out_all`

Data type: `Boolean`

Allow all outbound connections. If `true` then all other

out parameters `out_ntp`, `out_dns`, ... will be assuemed

false.

Default value: ``false``

##### `out_ntp`

Data type: `Boolean`

Allow outbound to ntp servers.

Default value: ``true``

##### `out_http`

Data type: `Boolean`

Allow outbound to http servers.

Default value: ``true``

##### `out_https`

Data type: `Boolean`

Allow outbound to https servers.

Default value: ``true``

##### `out_https`

Allow outbound to https servers.

Default value: ``true``

##### `in_ssh`

Data type: `Boolean`

Allow inbound to ssh servers.

Default value: ``true``

##### `out_dns`

Data type: `Boolean`

Default value: ``true``

### `nftables::inet_filter`

manage basic chains in table inet filter

### `nftables::ip_nat`

manage basic chains in table ip nat

### `nftables::rules::http`

manage in http

### `nftables::rules::https`

manage in https

### `nftables::rules::icinga2`

manage in icinga2

#### Parameters

The following parameters are available in the `nftables::rules::icinga2` class.

##### `ports`

Data type: `Array[Integer,1]`

Default value: `[5665]`

### `nftables::rules::ospf`

manage in ospf

### `nftables::rules::ospf3`

manage in ospf3

### `nftables::rules::out::all`

allow all outbound

### `nftables::rules::out::chrony`

manage out chrony

### `nftables::rules::out::dhcp`

manage out dhcp

### `nftables::rules::out::dns`

manage out dns

#### Parameters

The following parameters are available in the `nftables::rules::out::dns` class.

##### `dns_server`

Data type: `Optional[Variant[String,Array[String,1]]]`

Default value: ``undef``

### `nftables::rules::out::http`

manage out http

### `nftables::rules::out::https`

manage out https

### `nftables::rules::out::mysql`

manage out mysql

### `nftables::rules::out::ospf`

manage out ospf

### `nftables::rules::out::ospf3`

manage out ospf3

### `nftables::rules::out::postgres`

manage out postgres

### `nftables::rules::out::puppet`

manage outgoing puppet

#### Parameters

The following parameters are available in the `nftables::rules::out::puppet` class.

##### `puppetmaster`

Data type: `Variant[String,Array[String,1]]`

##### `puppetserver_port`

Data type: `Integer`

Default value: `8140`

### `nftables::rules::out::smtp`

manage out smtp

### `nftables::rules::out::ssh`

manage out ssh

### `nftables::rules::out::ssh::remove`

disable outgoing ssh

### `nftables::rules::out::tor`

manage out tor

### `nftables::rules::out::wireguard`

manage out wireguard

#### Parameters

The following parameters are available in the `nftables::rules::out::wireguard` class.

##### `ports`

Data type: `Array[Integer,1]`

Default value: `[51820]`

### `nftables::rules::puppet`

manage in puppet

#### Parameters

The following parameters are available in the `nftables::rules::puppet` class.

##### `ports`

Data type: `Array[Integer,1]`

Default value: `[8140]`

### `nftables::rules::smtp`

manage in smtp

### `nftables::rules::smtp_submission`

manage in smtp submission

### `nftables::rules::smtps`

manage in smtps

### `nftables::rules::ssh`

manage in ssh

#### Parameters

The following parameters are available in the `nftables::rules::ssh` class.

##### `ports`

Data type: `Array[Integer,1]`

Default value: `[22]`

### `nftables::rules::tor`

manage in tor

#### Parameters

The following parameters are available in the `nftables::rules::tor` class.

##### `ports`

Data type: `Array[Integer,1]`

Default value: `[9001]`

### `nftables::rules::wireguard`

manage in wireguard

#### Parameters

The following parameters are available in the `nftables::rules::wireguard` class.

##### `ports`

Data type: `Array[Integer,1]`

Default value: `[51820]`

## Defined types

### `nftables::chain`

manage a chain

#### Parameters

The following parameters are available in the `nftables::chain` defined type.

##### `table`

Data type: `Pattern[/^(ip|ip6|inet)-[a-zA-Z0-9_]+$/]`

Default value: `'inet-filter'`

##### `chain`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### `inject`

Data type: `Optional[Pattern[/^\d\d-[a-zA-Z0-9_]+$/]]`

Default value: ``undef``

##### `inject_iif`

Data type: `Optional[String]`

Default value: ``undef``

##### `inject_oif`

Data type: `Optional[String]`

Default value: ``undef``

### `nftables::config`

manage a config snippet

#### Parameters

The following parameters are available in the `nftables::config` defined type.

##### `content`

Data type: `Optional[String]`

Default value: ``undef``

##### `source`

Data type: `Optional[Variant[String,Array[String,1]]]`

Default value: ``undef``

### `nftables::rule`

manage a chain rule

Name should be:

  CHAIN_NAME-rulename

#### Parameters

The following parameters are available in the `nftables::rule` defined type.

##### `ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`

##### `rulename`

Data type: `Pattern[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]`

Default value: `$title`

##### `order`

Data type: `Pattern[/^\d\d$/]`

Default value: `'50'`

##### `table`

Data type: `Optional[String]`

Default value: `'inet-filter'`

##### `content`

Data type: `Optional[String]`

Default value: ``undef``

##### `source`

Data type: `Optional[Variant[String,Array[String,1]]]`

Default value: ``undef``

### `nftables::rules::dnat4`

manage a ipv4 dnat rule

#### Parameters

The following parameters are available in the `nftables::rules::dnat4` defined type.

##### `daddr`

Data type: `Pattern[/^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/]`

##### `port`

Data type: `Variant[String,Integer[1,65535]]`

##### `rulename`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### `order`

Data type: `Pattern[/^\d\d$/]`

Default value: `'50'`

##### `chain`

Data type: `String[1]`

Default value: `'default_fwd'`

##### `iif`

Data type: `Optional[String[1]]`

Default value: ``undef``

##### `proto`

Data type: `Enum['tcp','udp']`

Default value: `'tcp'`

##### `dport`

Data type: `Optional[Variant[String,Integer[1,65535]]]`

Default value: `''`

##### `ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`

### `nftables::rules::masquerade`

masquerade all outgoing traffic

#### Parameters

The following parameters are available in the `nftables::rules::masquerade` defined type.

##### `rulename`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### `order`

Data type: `Pattern[/^\d\d$/]`

Default value: `'70'`

##### `chain`

Data type: `String[1]`

Default value: `'POSTROUTING'`

##### `oif`

Data type: `Optional[String[1]]`

Default value: ``undef``

##### `saddr`

Data type: `Optional[String[1]]`

Default value: ``undef``

##### `daddr`

Data type: `Optional[String[1]]`

Default value: ``undef``

##### `proto`

Data type: `Optional[Enum['tcp','udp']]`

Default value: ``undef``

##### `dport`

Data type: `Optional[Variant[String,Integer[1,65535]]]`

Default value: ``undef``

##### `ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`

### `nftables::rules::snat4`

manage a ipv4 snat rule

#### Parameters

The following parameters are available in the `nftables::rules::snat4` defined type.

##### `snat`

Data type: `String[1]`

##### `rulename`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### `order`

Data type: `Pattern[/^\d\d$/]`

Default value: `'70'`

##### `chain`

Data type: `String[1]`

Default value: `'POSTROUTING'`

##### `oif`

Data type: `Optional[String[1]]`

Default value: ``undef``

##### `saddr`

Data type: `Optional[String[1]]`

Default value: ``undef``

##### `proto`

Data type: `Optional[Enum['tcp','udp']]`

Default value: ``undef``

##### `dport`

Data type: `Optional[Variant[String,Integer[1,65535]]]`

Default value: ``undef``

##### `ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`