root / REFERENCE.md @ ea29e235

# Reference

<!-- DO NOT EDIT: This document was generated by Puppet Strings -->

## Table of Contents

### Classes

* [`nftables`](#nftables): Configure nftables
* [`nftables::bridges`](#nftables--bridges): allow forwarding traffic on bridges
* [`nftables::inet_filter`](#nftables--inet_filter): manage basic chains in table inet filter
* [`nftables::inet_filter::fwd_conntrack`](#nftables--inet_filter--fwd_conntrack): enable conntrack for fwd
* [`nftables::inet_filter::in_out_conntrack`](#nftables--inet_filter--in_out_conntrack): manage input & output conntrack
* [`nftables::ip_nat`](#nftables--ip_nat): manage basic chains in table ip nat
* [`nftables::rules::activemq`](#nftables--rules--activemq): Provides input rules for Apache ActiveMQ
* [`nftables::rules::afs3_callback`](#nftables--rules--afs3_callback): Open call back port for AFS clients
* [`nftables::rules::ceph`](#nftables--rules--ceph): Ceph is a distributed object store and file system. Enable this to support Ceph's Object Storage Daemons (OSD), Metadata Server Daemons (MDS), or Manager Daemons (MGR).
* [`nftables::rules::ceph_mon`](#nftables--rules--ceph_mon): Ceph is a distributed object store and file system. Enable this option to support Ceph's Monitor Daemon.
* [`nftables::rules::dhcpv6_client`](#nftables--rules--dhcpv6_client): allow DHCPv6 requests in to a host
* [`nftables::rules::dns`](#nftables--rules--dns): manage in dns
* [`nftables::rules::docker_ce`](#nftables--rules--docker_ce): Default firewall configuration for Docker-CE
* [`nftables::rules::http`](#nftables--rules--http): manage in http
* [`nftables::rules::https`](#nftables--rules--https): manage in https
* [`nftables::rules::icinga2`](#nftables--rules--icinga2): manage in icinga2
* [`nftables::rules::icmp`](#nftables--rules--icmp)
* [`nftables::rules::ldap`](#nftables--rules--ldap): manage in ldap
* [`nftables::rules::nfs`](#nftables--rules--nfs): manage in nfs4
* [`nftables::rules::nfs3`](#nftables--rules--nfs3): manage in nfs3
* [`nftables::rules::node_exporter`](#nftables--rules--node_exporter): manage in node exporter
* [`nftables::rules::ospf`](#nftables--rules--ospf): manage in ospf
* [`nftables::rules::ospf3`](#nftables--rules--ospf3): manage in ospf3
* [`nftables::rules::out::active_directory`](#nftables--rules--out--active_directory): manage outgoing active directory
* [`nftables::rules::out::all`](#nftables--rules--out--all): allow all outbound
* [`nftables::rules::out::ceph_client`](#nftables--rules--out--ceph_client): Ceph is a distributed object store and file system. Enable this to be a client of Ceph's Monitor (MON), Object Storage Daemons (OSD), Metadata Server Daemons (MDS), and Manager Daemons (MGR).
* [`nftables::rules::out::chrony`](#nftables--rules--out--chrony): manage out chrony
* [`nftables::rules::out::dhcp`](#nftables--rules--out--dhcp): manage out dhcp
* [`nftables::rules::out::dhcpv6_client`](#nftables--rules--out--dhcpv6_client): Allow DHCPv6 requests out of a host
* [`nftables::rules::out::dns`](#nftables--rules--out--dns): manage out dns
* [`nftables::rules::out::hkp`](#nftables--rules--out--hkp): allow outgoing hkp connections to gpg keyservers
* [`nftables::rules::out::http`](#nftables--rules--out--http): manage out http
* [`nftables::rules::out::https`](#nftables--rules--out--https): manage out https
* [`nftables::rules::out::icmp`](#nftables--rules--out--icmp): control outbound icmp packets
* [`nftables::rules::out::imap`](#nftables--rules--out--imap): allow outgoing imap
* [`nftables::rules::out::kerberos`](#nftables--rules--out--kerberos): allows outbound access for kerberos
* [`nftables::rules::out::ldap`](#nftables--rules--out--ldap): manage outgoing ldap
* [`nftables::rules::out::mysql`](#nftables--rules--out--mysql): manage out mysql
* [`nftables::rules::out::nfs`](#nftables--rules--out--nfs): manage out nfs
* [`nftables::rules::out::nfs3`](#nftables--rules--out--nfs3): manage out nfs3
* [`nftables::rules::out::openafs_client`](#nftables--rules--out--openafs_client): allows outbound access for afs clients (7000 afs3-fileserver, 7002 afs3-ptserver, 7003 vlserver)
* [`nftables::rules::out::ospf`](#nftables--rules--out--ospf): manage out ospf
* [`nftables::rules::out::ospf3`](#nftables--rules--out--ospf3): manage out ospf3
* [`nftables::rules::out::pop3`](#nftables--rules--out--pop3): allow outgoing pop3
* [`nftables::rules::out::postgres`](#nftables--rules--out--postgres): manage out postgres
* [`nftables::rules::out::puppet`](#nftables--rules--out--puppet): manage outgoing puppet
* [`nftables::rules::out::pxp_agent`](#nftables--rules--out--pxp_agent): manage outgoing pxp-agent
* [`nftables::rules::out::smtp`](#nftables--rules--out--smtp): allow outgoing smtp
* [`nftables::rules::out::smtp_client`](#nftables--rules--out--smtp_client): allow outgoing smtp client
* [`nftables::rules::out::ssh`](#nftables--rules--out--ssh): manage out ssh
* [`nftables::rules::out::ssh::remove`](#nftables--rules--out--ssh--remove): disable outgoing ssh
* [`nftables::rules::out::tor`](#nftables--rules--out--tor): manage out tor
* [`nftables::rules::out::whois`](#nftables--rules--out--whois): allow clients to query remote whois server
* [`nftables::rules::out::wireguard`](#nftables--rules--out--wireguard): manage out wireguard
* [`nftables::rules::puppet`](#nftables--rules--puppet): manage in puppet
* [`nftables::rules::pxp_agent`](#nftables--rules--pxp_agent): manage in pxp-agent
* [`nftables::rules::qemu`](#nftables--rules--qemu): Bridged network configuration for qemu/libvirt
* [`nftables::rules::samba`](#nftables--rules--samba): manage Samba, the suite to allow Windows file sharing on Linux resources.
* [`nftables::rules::smtp`](#nftables--rules--smtp): manage in smtp
* [`nftables::rules::smtp_submission`](#nftables--rules--smtp_submission): manage in smtp submission
* [`nftables::rules::smtps`](#nftables--rules--smtps): manage in smtps
* [`nftables::rules::ssh`](#nftables--rules--ssh): manage in ssh
* [`nftables::rules::tor`](#nftables--rules--tor): manage in tor
* [`nftables::rules::wireguard`](#nftables--rules--wireguard): manage in wireguard
* [`nftables::services::dhcpv6_client`](#nftables--services--dhcpv6_client): Allow inbound and outbound traffic for a DHCPv6 client
* [`nftables::services::openafs_client`](#nftables--services--openafs_client): Open inbound and outbound ports for an AFS client

### Defined types

* [`nftables::chain`](#nftables--chain): manage a chain
* [`nftables::config`](#nftables--config): manage a config snippet
* [`nftables::file`](#nftables--file): Insert a file into the nftables configuration
* [`nftables::rule`](#nftables--rule): Provides an interface to create a firewall rule
* [`nftables::rules::dnat4`](#nftables--rules--dnat4): manage an ipv4 dnat rule
* [`nftables::rules::masquerade`](#nftables--rules--masquerade): masquerade all outgoing traffic
* [`nftables::rules::snat4`](#nftables--rules--snat4): manage an ipv4 snat rule
* [`nftables::set`](#nftables--set): manage a named set
* [`nftables::simplerule`](#nftables--simplerule): Provides a simplified interface to nftables::rule

### Data types

* [`Nftables::Addr`](#Nftables--Addr): Represents an address expression to be used within a rule.
* [`Nftables::Addr::Set`](#Nftables--Addr--Set): Represents a set expression to be used within a rule.
* [`Nftables::Port`](#Nftables--Port): Represents a port expression to be used within a rule.
* [`Nftables::Port::Range`](#Nftables--Port--Range): Represents a port range expression to be used within a rule.
* [`Nftables::RuleName`](#Nftables--RuleName): Represents a rule name to be used in a raw rule created via nftables::rule. It is a dash-separated string: the first component names the chain to add the rule to, the second is the rule name and the optional third is a number. Ex: 'default_in-sshd', 'default_out-my_service-2'.
* [`Nftables::SimpleRuleName`](#Nftables--SimpleRuleName): Represents a simple rule name to be used in a rule created via nftables::simplerule

## Classes

### <a name="nftables"></a>`nftables`

Configure nftables

#### Examples

##### allow dns out and do not allow ntp out

```puppet
class{ 'nftables':
  out_ntp => false,
  out_dns => true,
}
```

##### do not flush particular tables, fail2ban in this case

```puppet
class{ 'nftables':
  noflush_tables => ['inet-f2b-table'],
}
```

#### Parameters

The following parameters are available in the `nftables` class:

* [`out_all`](#-nftables--out_all)
* [`out_ntp`](#-nftables--out_ntp)
* [`out_http`](#-nftables--out_http)
* [`out_dns`](#-nftables--out_dns)
* [`out_https`](#-nftables--out_https)
* [`out_icmp`](#-nftables--out_icmp)
* [`in_ssh`](#-nftables--in_ssh)
* [`in_icmp`](#-nftables--in_icmp)
* [`inet_filter`](#-nftables--inet_filter)
* [`nat`](#-nftables--nat)
* [`nat_table_name`](#-nftables--nat_table_name)
* [`sets`](#-nftables--sets)
* [`log_prefix`](#-nftables--log_prefix)
* [`log_limit`](#-nftables--log_limit)
* [`reject_with`](#-nftables--reject_with)
* [`in_out_conntrack`](#-nftables--in_out_conntrack)
* [`fwd_conntrack`](#-nftables--fwd_conntrack)
* [`firewalld_enable`](#-nftables--firewalld_enable)
* [`noflush_tables`](#-nftables--noflush_tables)
* [`rules`](#-nftables--rules)
* [`configuration_path`](#-nftables--configuration_path)
* [`nft_path`](#-nftables--nft_path)
* [`echo`](#-nftables--echo)
* [`default_config_mode`](#-nftables--default_config_mode)

##### <a name="-nftables--out_all"></a>`out_all`

Data type: `Boolean`

Allow all outbound connections. If `true`, all other out parameters
(`out_ntp`, `out_dns`, ...) will be assumed false.

Default value: `false`

##### <a name="-nftables--out_ntp"></a>`out_ntp`

Data type: `Boolean`

Allow outbound to ntp servers.

Default value: `true`

##### <a name="-nftables--out_http"></a>`out_http`

Data type: `Boolean`

Allow outbound to http servers.

Default value: `true`

##### <a name="-nftables--out_dns"></a>`out_dns`

Data type: `Boolean`

Allow outbound to dns servers.

Default value: `true`

##### <a name="-nftables--out_https"></a>`out_https`

Data type: `Boolean`

Allow outbound to https servers.

Default value: `true`

##### <a name="-nftables--out_icmp"></a>`out_icmp`

Data type: `Boolean`

Allow outbound ICMPv4/v6 traffic.

Default value: `true`

##### <a name="-nftables--in_ssh"></a>`in_ssh`

Data type: `Boolean`

Allow inbound to ssh servers.

Default value: `true`

##### <a name="-nftables--in_icmp"></a>`in_icmp`

Data type: `Boolean`

Allow inbound ICMPv4/v6 traffic.

Default value: `true`

##### <a name="-nftables--inet_filter"></a>`inet_filter`

Data type: `Boolean`

Add default tables, chains and rules to process traffic.

Default value: `true`

##### <a name="-nftables--nat"></a>`nat`

Data type: `Boolean`

Add default tables and chains to process NAT traffic.

Default value: `true`

##### <a name="-nftables--nat_table_name"></a>`nat_table_name`

Data type: `String[1]`

The name of the 'nat' table.

Default value: `'nat'`

##### <a name="-nftables--sets"></a>`sets`

Data type: `Hash`

Allows sourcing set definitions directly from Hiera.

Default value: `{}`

##### <a name="-nftables--log_prefix"></a>`log_prefix`

Data type: `String`

String that will be used as prefix when logging packets. It can contain
two variables using standard sprintf() string-formatting:
 * chain: Will be replaced by the name of the chain.
 * comment: Allows chains to add extra comments.

Default value: `'[nftables] %<chain>s %<comment>s'`

##### <a name="-nftables--log_limit"></a>`log_limit`

Data type: `Variant[Boolean[false], String]`

String with the content of a limit statement to be applied
to the rules that log discarded traffic. Set to false to
disable rate limiting. Keep a limit on exposed hosts: without one,
a port scan can fill the log with one entry per discarded packet.

Default value: `'3/minute burst 5 packets'`

##### <a name="-nftables--reject_with"></a>`reject_with`

Data type: `Variant[Boolean[false], Pattern[/icmp(v6|x)? type .+|tcp reset/]]`

How to discard packets not matching any rule. If `false`, the
fate of the packet will be defined by the chain policy (normally
drop), otherwise the packet will be rejected with the REJECT_WITH
policy indicated by the value of this parameter. Rejecting lets
legitimate clients fail fast but confirms to a scanner that the
host is up; a silent drop does the opposite.

Default value: `'icmpx type port-unreachable'`

##### <a name="-nftables--in_out_conntrack"></a>`in_out_conntrack`

Data type: `Boolean`

Adds INPUT and OUTPUT rules to allow traffic that's part of an
established connection and also to drop invalid packets.

Default value: `true`

##### <a name="-nftables--fwd_conntrack"></a>`fwd_conntrack`

Data type: `Boolean`

Adds FORWARD rules to allow traffic that's part of an
established connection and also to drop invalid packets.

Default value: `false`

##### <a name="-nftables--firewalld_enable"></a>`firewalld_enable`

Data type: `Variant[Boolean[false], Enum['mask']]`

Configures how the firewalld systemd service unit is enabled. `'mask'`
masks the unit so firewalld cannot be started alongside the ruleset
managed here. It might be useful to set this to false if you're
externally removing firewalld from the system completely.

Default value: `'mask'`

##### <a name="-nftables--noflush_tables"></a>`noflush_tables`

Data type: `Optional[Array[Pattern[/^(ip|ip6|inet|arp|bridge|netdev)-[-a-zA-Z0-9_]+$/],1]]`

If specified, only the other existing tables will be flushed and the
listed tables are left untouched. If left unset, all tables will be
flushed via a `flush ruleset`.

Default value: `undef`

##### <a name="-nftables--rules"></a>`rules`

Data type: `Hash`

Specify hashes of `nftables::rule`s via hiera

Default value: `{}`

##### <a name="-nftables--configuration_path"></a>`configuration_path`

Data type: `Stdlib::Unixpath`

The absolute path to the principal nftables configuration file. The default
varies depending on the system, and is set in the module's data.

##### <a name="-nftables--nft_path"></a>`nft_path`

Data type: `Stdlib::Unixpath`

Path to the nft binary

##### <a name="-nftables--echo"></a>`echo`

Data type: `Stdlib::Unixpath`

Path to the echo binary

##### <a name="-nftables--default_config_mode"></a>`default_config_mode`

Data type: `Stdlib::Filemode`

The default file & dir mode for configuration files and directories. The
default varies depending on the system, and is set in the module's data.
### <a name="nftables--bridges"></a>`nftables::bridges`

allow forwarding traffic on bridges

#### Parameters

The following parameters are available in the `nftables::bridges` class:

* [`ensure`](#-nftables--bridges--ensure)
* [`bridgenames`](#-nftables--bridges--bridgenames)

##### <a name="-nftables--bridges--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`

##### <a name="-nftables--bridges--bridgenames"></a>`bridgenames`

Data type: `Regexp`

Regular expression matching the names of the bridge interfaces on which
forwarding is allowed.

Default value: `/^br.+/`

### <a name="nftables--inet_filter"></a>`nftables::inet_filter`

manage basic chains in table inet filter

### <a name="nftables--inet_filter--fwd_conntrack"></a>`nftables::inet_filter::fwd_conntrack`

enable conntrack for fwd

### <a name="nftables--inet_filter--in_out_conntrack"></a>`nftables::inet_filter::in_out_conntrack`

manage input & output conntrack

### <a name="nftables--ip_nat"></a>`nftables::ip_nat`

manage basic chains in table ip nat

### <a name="nftables--rules--activemq"></a>`nftables::rules::activemq`

Provides input rules for Apache ActiveMQ

#### Parameters

The following parameters are available in the `nftables::rules::activemq` class:

* [`tcp`](#-nftables--rules--activemq--tcp)
* [`udp`](#-nftables--rules--activemq--udp)
* [`port`](#-nftables--rules--activemq--port)

##### <a name="-nftables--rules--activemq--tcp"></a>`tcp`

Data type: `Boolean`

Create the rule for TCP traffic.

Default value: `true`

##### <a name="-nftables--rules--activemq--udp"></a>`udp`

Data type: `Boolean`

Create the rule for UDP traffic.

Default value: `true`

##### <a name="-nftables--rules--activemq--port"></a>`port`

Data type: `Stdlib::Port`

The port number for the ActiveMQ daemon.

Default value: `61616`

### <a name="nftables--rules--afs3_callback"></a>`nftables::rules::afs3_callback`

Open call back port for AFS clients

#### Examples

##### allow call backs from particular hosts

```puppet
class{'nftables::rules::afs3_callback':
  saddr => ['192.168.0.0/16', '10.0.0.222']
}
```

#### Parameters

The following parameters are available in the `nftables::rules::afs3_callback` class:

* [`saddr`](#-nftables--rules--afs3_callback--saddr)

##### <a name="-nftables--rules--afs3_callback--saddr"></a>`saddr`

Data type: `Array[Stdlib::IP::Address::V4,1]`

list of source network ranges to a

Default value: `['0.0.0.0/0']`

### <a name="nftables--rules--ceph"></a>`nftables::rules::ceph`

Ceph is a distributed object store and file system.
Enable this to support Ceph's Object Storage Daemons (OSD),
Metadata Server Daemons (MDS), or Manager Daemons (MGR).

### <a name="nftables--rules--ceph_mon"></a>`nftables::rules::ceph_mon`

Ceph is a distributed object store and file system.
Enable this option to support Ceph's Monitor Daemon.

#### Parameters

The following parameters are available in the `nftables::rules::ceph_mon` class:

* [`ports`](#-nftables--rules--ceph_mon--ports)

##### <a name="-nftables--rules--ceph_mon--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

Ports of the Ceph monitor daemon (3300 for msgr2, 6789 for the legacy msgr1 protocol).

Default value: `[3300, 6789]`

### <a name="nftables--rules--dhcpv6_client"></a>`nftables::rules::dhcpv6_client`

allow DHCPv6 requests in to a host

### <a name="nftables--rules--dns"></a>`nftables::rules::dns`

manage in dns

#### Parameters

The following parameters are available in the `nftables::rules::dns` class:

* [`ports`](#-nftables--rules--dns--ports)

##### <a name="-nftables--rules--dns--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

Specify ports for dns.

Default value: `[53]`

### <a name="nftables--rules--docker_ce"></a>`nftables::rules::docker_ce`

The configuration distributed in this class represents the default firewall
configuration done by docker-ce when the iptables integration is enabled.

This class is needed because the default docker-ce rules added to ip-filter
conflict with the inet-filter forward rules set by default in this module.

When using this class, 'docker::iptables: false' should be set so that
docker-ce stops managing its own rules.

#### Parameters

The following parameters are available in the `nftables::rules::docker_ce` class:

* [`docker_interface`](#-nftables--rules--docker_ce--docker_interface)
* [`docker_prefix`](#-nftables--rules--docker_ce--docker_prefix)
* [`manage_docker_chains`](#-nftables--rules--docker_ce--manage_docker_chains)
* [`manage_base_chains`](#-nftables--rules--docker_ce--manage_base_chains)

##### <a name="-nftables--rules--docker_ce--docker_interface"></a>`docker_interface`

Data type: `String[1]`

Interface name used by docker.

Default value: `'docker0'`

##### <a name="-nftables--rules--docker_ce--docker_prefix"></a>`docker_prefix`

Data type: `Stdlib::IP::Address::V4::CIDR`

The address space used by docker.

Default value: `'172.17.0.0/16'`

##### <a name="-nftables--rules--docker_ce--manage_docker_chains"></a>`manage_docker_chains`

Data type: `Boolean`

Flag to control whether the class should create the docker related chains.

Default value: `true`

##### <a name="-nftables--rules--docker_ce--manage_base_chains"></a>`manage_base_chains`

Data type: `Boolean`

Flag to control whether the class should create the base common chains.

Default value: `true`

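A container host that hands the forward chains to this module, as an added example (not the module's own code): the `docker` class and its `iptables` parameter are assumed to be the ones behind the 'docker::iptables: false' setting mentioned above, and the profile name and address range are constructed.

```puppet
# Added example (not the module's code). Assumed: a `docker` class whose
# `iptables` parameter corresponds to the 'docker::iptables' Hiera key.
class profile::firewall::dockerhost {
  # Stop docker-ce from injecting its own iptables rules, which would
  # otherwise fight with the inet-filter forward chains managed here.
  class { 'docker':
    iptables => false,
  }

  class { 'nftables':
    nat           => true,   # keep the nat table: docker-ce's rules NAT container traffic
    fwd_conntrack => true,   # let established/related traffic be forwarded
  }

  # Recreate, in this module's tables, the rules docker-ce would have added.
  class { 'nftables::rules::docker_ce':
    docker_interface     => 'docker0',
    docker_prefix        => '172.18.0.0/16',   # constructed; must match the daemon's pool
    manage_docker_chains => true,
    manage_base_chains   => true,
  }
}
```

Leaving `iptables` at its default while declaring `nftables::rules::docker_ce` gives two owners for the same traffic, so the check after a Puppet run is that the only forward rules for `docker0` are the ones this class wrote.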
### <a name="nftables--rules--http"></a>`nftables::rules::http`
568 e17693e3 Steve Traylen
569
manage in http
570
571 c24d3118 Tim Meusel
### <a name="nftables--rules--https"></a>`nftables::rules::https`
572 e17693e3 Steve Traylen
573
manage in https
574
575 c24d3118 Tim Meusel
### <a name="nftables--rules--icinga2"></a>`nftables::rules::icinga2`
576 e17693e3 Steve Traylen
577
manage in icinga2
578
579
#### Parameters
580
581 09cba182 Steve Traylen
The following parameters are available in the `nftables::rules::icinga2` class:
582 e17693e3 Steve Traylen
583 c24d3118 Tim Meusel
* [`ports`](#-nftables--rules--icinga2--ports)
584 e17693e3 Steve Traylen
585 c24d3118 Tim Meusel
##### <a name="-nftables--rules--icinga2--ports"></a>`ports`
586 e17693e3 Steve Traylen
587 09cba182 Steve Traylen
Data type: `Array[Stdlib::Port,1]`
588 e17693e3 Steve Traylen
589 8db66304 Steve Traylen
Specify ports for icinga2
590 e17693e3 Steve Traylen
591
Default value: `[5665]`
592
593 c24d3118 Tim Meusel
### <a name="nftables--rules--icmp"></a>`nftables::rules::icmp`
594 7f6cacc5 Steve Traylen
595
The nftables::rules::icmp class.
596
597
#### Parameters
598
599 09cba182 Steve Traylen
The following parameters are available in the `nftables::rules::icmp` class:
600
601 c24d3118 Tim Meusel
* [`v4_types`](#-nftables--rules--icmp--v4_types)
602
* [`v6_types`](#-nftables--rules--icmp--v6_types)
603
* [`order`](#-nftables--rules--icmp--order)
604 7f6cacc5 Steve Traylen
605 c24d3118 Tim Meusel
##### <a name="-nftables--rules--icmp--v4_types"></a>`v4_types`
606 7f6cacc5 Steve Traylen
607
Data type: `Optional[Array[String]]`
608
609
610
611 c24d3118 Tim Meusel
Default value: `undef`
612 7f6cacc5 Steve Traylen
613 c24d3118 Tim Meusel
##### <a name="-nftables--rules--icmp--v6_types"></a>`v6_types`
614 7f6cacc5 Steve Traylen
615
Data type: `Optional[Array[String]]`
616
617
618
619 c24d3118 Tim Meusel
Default value: `undef`
620 7f6cacc5 Steve Traylen
621 c24d3118 Tim Meusel
##### <a name="-nftables--rules--icmp--order"></a>`order`
622 7f6cacc5 Steve Traylen
623
Data type: `String`
624
625
626
627
Default value: `'10'`
628
629 ea29e235 Simon Hoenscheid
### <a name="nftables--rules--ldap"></a>`nftables::rules::ldap`
630
631
manage in ldap
632
633
#### Parameters
634
635
The following parameters are available in the `nftables::rules::ldap` class:
636
637
* [`ports`](#-nftables--rules--ldap--ports)
638
639
##### <a name="-nftables--rules--ldap--ports"></a>`ports`
640
641
Data type: `Array[Integer,1]`
642
643
ldap server ports
644
645
Default value: `[389, 636]`
646
647 c24d3118 Tim Meusel
### <a name="nftables--rules--nfs"></a>`nftables::rules::nfs`
648 b9785000 Steve Traylen
649
manage in nfs4
650
651 c24d3118 Tim Meusel
### <a name="nftables--rules--nfs3"></a>`nftables::rules::nfs3`
652 b9785000 Steve Traylen
653
manage in nfs3
654
655 c24d3118 Tim Meusel
### <a name="nftables--rules--node_exporter"></a>`nftables::rules::node_exporter`
656 7f6cacc5 Steve Traylen
657
manage in node exporter
658
659
#### Parameters
660
661 09cba182 Steve Traylen
The following parameters are available in the `nftables::rules::node_exporter` class:
662 7f6cacc5 Steve Traylen
663 c24d3118 Tim Meusel
* [`prometheus_server`](#-nftables--rules--node_exporter--prometheus_server)
664
* [`port`](#-nftables--rules--node_exporter--port)
665 7f6cacc5 Steve Traylen
666 c24d3118 Tim Meusel
##### <a name="-nftables--rules--node_exporter--prometheus_server"></a>`prometheus_server`
667 7f6cacc5 Steve Traylen
668 09cba182 Steve Traylen
Data type: `Optional[Variant[String,Array[String,1]]]`
669 7f6cacc5 Steve Traylen
670 09cba182 Steve Traylen
Specify server name
671 7f6cacc5 Steve Traylen
672 c24d3118 Tim Meusel
Default value: `undef`
673 7f6cacc5 Steve Traylen
674 c24d3118 Tim Meusel
##### <a name="-nftables--rules--node_exporter--port"></a>`port`
675 7f6cacc5 Steve Traylen
676 bc1b0f1a Steve Traylen
Data type: `Stdlib::Port`
677 7f6cacc5 Steve Traylen
678 09cba182 Steve Traylen
Specify port to open
679 7f6cacc5 Steve Traylen
680
Default value: `9100`
681
682 c24d3118 Tim Meusel
### <a name="nftables--rules--ospf"></a>`nftables::rules::ospf`
683 e17693e3 Steve Traylen
684
manage in ospf
685
686 c24d3118 Tim Meusel
### <a name="nftables--rules--ospf3"></a>`nftables::rules::ospf3`
687 e17693e3 Steve Traylen
688
manage in ospf3
689
690 ea29e235 Simon Hoenscheid
### <a name="nftables--rules--out--active_directory"></a>`nftables::rules::out::active_directory`
691
692
manage outgoing active diectory
693
694
#### Parameters
695
696
The following parameters are available in the `nftables::rules::out::active_directory` class:
697
698
* [`adserver`](#-nftables--rules--out--active_directory--adserver)
699
* [`adserver_ports`](#-nftables--rules--out--active_directory--adserver_ports)
700
701
##### <a name="-nftables--rules--out--active_directory--adserver"></a>`adserver`
702
703
Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`
704
705
adserver IPs
706
707
##### <a name="-nftables--rules--out--active_directory--adserver_ports"></a>`adserver_ports`
708
709
Data type: `Array[Stdlib::Port,1]`
710
711
adserver ports
712
713
Default value: `[389, 636, 3268, 3269]`
714
715 c24d3118 Tim Meusel
### <a name="nftables--rules--out--all"></a>`nftables::rules::out::all`

allow all outbound

### <a name="nftables--rules--out--ceph_client"></a>`nftables::rules::out::ceph_client`

Ceph is a distributed object store and file system.
Enable this to be a client of Ceph's Monitor (MON),
Object Storage Daemons (OSD), Metadata Server Daemons (MDS),
and Manager Daemons (MGR).

#### Parameters

The following parameters are available in the `nftables::rules::out::ceph_client` class:

* [`ports`](#-nftables--rules--out--ceph_client--ports)

##### <a name="-nftables--rules--out--ceph_client--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

Specify ports to open

Default value: `[3300, 6789]`

### <a name="nftables--rules--out--chrony"></a>`nftables::rules::out::chrony`

manage out chrony

#### Parameters

The following parameters are available in the `nftables::rules::out::chrony` class:

* [`servers`](#-nftables--rules--out--chrony--servers)

##### <a name="-nftables--rules--out--chrony--servers"></a>`servers`

Data type: `Array[Stdlib::IP::Address]`

array of IP addresses of the NTP servers that chrony is allowed to reach

Default value: `[]`

### <a name="nftables--rules--out--dhcp"></a>`nftables::rules::out::dhcp`

manage out dhcp

### <a name="nftables--rules--out--dhcpv6_client"></a>`nftables::rules::out::dhcpv6_client`

Allow DHCPv6 requests out of a host

### <a name="nftables--rules--out--dns"></a>`nftables::rules::out::dns`

manage out dns

#### Parameters

The following parameters are available in the `nftables::rules::out::dns` class:

* [`dns_server`](#-nftables--rules--out--dns--dns_server)

##### <a name="-nftables--rules--out--dns--dns_server"></a>`dns_server`

Data type: `Optional[Variant[String,Array[String,1]]]`

DNS server(s) to which outbound DNS traffic is allowed

Default value: `undef`

### <a name="nftables--rules--out--hkp"></a>`nftables::rules::out::hkp`

allow outgoing hkp connections to gpg keyservers

### <a name="nftables--rules--out--http"></a>`nftables::rules::out::http`

manage out http

### <a name="nftables--rules--out--https"></a>`nftables::rules::out::https`

manage out https

### <a name="nftables--rules--out--icmp"></a>`nftables::rules::out::icmp`

control outbound icmp packets

#### Parameters

The following parameters are available in the `nftables::rules::out::icmp` class:

* [`v4_types`](#-nftables--rules--out--icmp--v4_types)
* [`v6_types`](#-nftables--rules--out--icmp--v6_types)
* [`order`](#-nftables--rules--out--icmp--order)

##### <a name="-nftables--rules--out--icmp--v4_types"></a>`v4_types`

Data type: `Optional[Array[String]]`

Default value: `undef`

##### <a name="-nftables--rules--out--icmp--v6_types"></a>`v6_types`

Data type: `Optional[Array[String]]`

Default value: `undef`

##### <a name="-nftables--rules--out--icmp--order"></a>`order`

Data type: `String`

Default value: `'10'`

### <a name="nftables--rules--out--imap"></a>`nftables::rules::out::imap`

allow outgoing imap

### <a name="nftables--rules--out--kerberos"></a>`nftables::rules::out::kerberos`

allows outbound access for kerberos

### <a name="nftables--rules--out--ldap"></a>`nftables::rules::out::ldap`

manage outgoing ldap

#### Parameters

The following parameters are available in the `nftables::rules::out::ldap` class:

* [`ldapserver`](#-nftables--rules--out--ldap--ldapserver)
* [`ldapserver_ports`](#-nftables--rules--out--ldap--ldapserver_ports)

##### <a name="-nftables--rules--out--ldap--ldapserver"></a>`ldapserver`

Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`

IP address(es) of the LDAP server(s)

##### <a name="-nftables--rules--out--ldap--ldapserver_ports"></a>`ldapserver_ports`

Data type: `Array[Stdlib::Port,1]`

ports to allow towards the LDAP server(s); the default covers LDAP (389) and LDAPS (636)

Default value: `[389, 636]`

### <a name="nftables--rules--out--mysql"></a>`nftables::rules::out::mysql`

manage out mysql

### <a name="nftables--rules--out--nfs"></a>`nftables::rules::out::nfs`

manage out nfs

### <a name="nftables--rules--out--nfs3"></a>`nftables::rules::out::nfs3`

manage out nfs3

### <a name="nftables--rules--out--openafs_client"></a>`nftables::rules::out::openafs_client`

allows outbound access for afs clients

* 7000 - afs3-fileserver
* 7002 - afs3-ptserver
* 7003 - vlserver

* **See also**
  * https://wiki.openafs.org/devel/AFSServicePorts/
    * AFS Service Ports

#### Parameters

The following parameters are available in the `nftables::rules::out::openafs_client` class:

* [`ports`](#-nftables--rules--out--openafs_client--ports)

##### <a name="-nftables--rules--out--openafs_client--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

port numbers to use

Default value: `[7000, 7002, 7003]`

### <a name="nftables--rules--out--ospf"></a>`nftables::rules::out::ospf`

manage out ospf

### <a name="nftables--rules--out--ospf3"></a>`nftables::rules::out::ospf3`

manage out ospf3

### <a name="nftables--rules--out--pop3"></a>`nftables::rules::out::pop3`

allow outgoing pop3

### <a name="nftables--rules--out--postgres"></a>`nftables::rules::out::postgres`

manage out postgres

### <a name="nftables--rules--out--puppet"></a>`nftables::rules::out::puppet`

manage outgoing puppet

#### Parameters

The following parameters are available in the `nftables::rules::out::puppet` class:

* [`puppetserver`](#-nftables--rules--out--puppet--puppetserver)
* [`puppetserver_port`](#-nftables--rules--out--puppet--puppetserver_port)

##### <a name="-nftables--rules--out--puppet--puppetserver"></a>`puppetserver`

Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`

IP address(es) of the puppetserver(s) (the data type does not accept a hostname)

##### <a name="-nftables--rules--out--puppet--puppetserver_port"></a>`puppetserver_port`

Data type: `Stdlib::Port`

puppetserver port

Default value: `8140`

### <a name="nftables--rules--out--pxp_agent"></a>`nftables::rules::out::pxp_agent`

manage outgoing pxp-agent

* **See also**
  * nftables::rules::out::puppet
    * the PXP agent also connects to a Puppetserver, so that class is normally needed as well

#### Parameters

The following parameters are available in the `nftables::rules::out::pxp_agent` class:

* [`broker`](#-nftables--rules--out--pxp_agent--broker)
* [`broker_port`](#-nftables--rules--out--pxp_agent--broker_port)

##### <a name="-nftables--rules--out--pxp_agent--broker"></a>`broker`

Data type: `Variant[Stdlib::IP::Address,Array[Stdlib::IP::Address,1]]`

PXP broker IP(s)

##### <a name="-nftables--rules--out--pxp_agent--broker_port"></a>`broker_port`

Data type: `Stdlib::Port`

PXP broker port

Default value: `8142`

### <a name="nftables--rules--out--smtp"></a>`nftables::rules::out::smtp`

allow outgoing smtp

### <a name="nftables--rules--out--smtp_client"></a>`nftables::rules::out::smtp_client`

allow outgoing smtp client

### <a name="nftables--rules--out--ssh"></a>`nftables::rules::out::ssh`

manage out ssh

### <a name="nftables--rules--out--ssh--remove"></a>`nftables::rules::out::ssh::remove`

disable outgoing ssh

### <a name="nftables--rules--out--tor"></a>`nftables::rules::out::tor`

manage out tor

### <a name="nftables--rules--out--whois"></a>`nftables::rules::out::whois`

allow clients to query remote whois server

### <a name="nftables--rules--out--wireguard"></a>`nftables::rules::out::wireguard`

manage out wireguard

#### Parameters

The following parameters are available in the `nftables::rules::out::wireguard` class:

* [`ports`](#-nftables--rules--out--wireguard--ports)

##### <a name="-nftables--rules--out--wireguard--ports"></a>`ports`

Data type: `Array[Integer,1]`

specify wireguard ports

Default value: `[51820]`

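Putting the outbound classes above together: the following is an added example, not taken from the module or its generated reference, of a profile that replaces the blanket `nftables::rules::out::all` with per-service egress allowances. The profile class name, its parameter names and every address are assumptions for illustration (addresses come from the documentation ranges). Resource-like `class { ... }` declarations are used because `puppetserver`, `servers` and `adserver` need site-specific values; such a declaration fails with a duplicate declaration error if the same class is also `include`d elsewhere in the catalog, so declare each of these classes in exactly one place.

```puppet
# Added example (not part of the module): a least-privilege egress profile.
# Class name, parameter names and addresses are illustrative assumptions.
class profile::firewall::egress (
  Array[Stdlib::IP::Address, 1] $puppet_servers = ['192.0.2.10'],
  Array[Stdlib::IP::Address, 1] $ntp_servers    = ['192.0.2.20', '192.0.2.21'],
  Array[Stdlib::IP::Address, 1] $ad_servers     = ['192.0.2.30', '192.0.2.31'],
) {
  # Deliberately NOT included: nftables::rules::out::all. It allows every
  # outbound connection and would make the rest of this profile pointless.

  # Agent -> puppetserver on the default port 8140, only to the listed IPs.
  class { 'nftables::rules::out::puppet':
    puppetserver => $puppet_servers,
  }

  # chrony may only reach the configured NTP servers.
  class { 'nftables::rules::out::chrony':
    servers => $ntp_servers,
  }

  # Active Directory: keep only the TLS ports (LDAPS and Global Catalog over
  # SSL) out of the default [389, 636, 3268, 3269], so no cleartext LDAP
  # bind can leave the host.
  class { 'nftables::rules::out::active_directory':
    adserver       => $ad_servers,
    adserver_ports => [636, 3269],
  }

  # Allowed to any destination; each is a separate, individually revocable
  # include. DNS could additionally be pinned via its dns_server parameter.
  include nftables::rules::out::dns
  include nftables::rules::out::https
  include nftables::rules::out::smtp_client

  # Remove outbound ssh so that a compromised host cannot be used as a
  # stepping stone; the ::remove class exists for exactly this purpose.
  include nftables::rules::out::ssh::remove
}
```

After the first agent run, confirm the result with `nft list ruleset` on the host: the outbound chain should contain only the destinations listed here, and a test connection to an unlisted port (for example a plain LDAP bind on 389) should be refused.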
### <a name="nftables--rules--puppet"></a>`nftables::rules::puppet`

manage in puppet

#### Parameters

The following parameters are available in the `nftables::rules::puppet` class:

* [`ports`](#-nftables--rules--puppet--ports)

##### <a name="-nftables--rules--puppet--ports"></a>`ports`

Data type: `Array[Integer,1]`

puppet server ports

Default value: `[8140]`

### <a name="nftables--rules--pxp_agent"></a>`nftables::rules::pxp_agent`

manage in pxp-agent

#### Parameters

The following parameters are available in the `nftables::rules::pxp_agent` class:

* [`ports`](#-nftables--rules--pxp_agent--ports)

##### <a name="-nftables--rules--pxp_agent--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

pxp server ports

Default value: `[8142]`

### <a name="nftables--rules--qemu"></a>`nftables::rules::qemu`

This class configures the typical firewall setup that libvirt
creates. Depending on your requirements you can switch several
aspects on and off. For instance, if you don't serve DHCP to your
guests you can disable the rules that accept DHCP traffic on the
host, and if you don't want your guests to talk to hosts outside
you can disable forwarding and/or masquerading for IPv4 traffic.

#### Parameters

The following parameters are available in the `nftables::rules::qemu` class:

* [`interface`](#-nftables--rules--qemu--interface)
* [`network_v4`](#-nftables--rules--qemu--network_v4)
* [`network_v6`](#-nftables--rules--qemu--network_v6)
* [`dns`](#-nftables--rules--qemu--dns)
* [`dhcpv4`](#-nftables--rules--qemu--dhcpv4)
* [`forward_traffic`](#-nftables--rules--qemu--forward_traffic)
* [`internal_traffic`](#-nftables--rules--qemu--internal_traffic)
* [`masquerade`](#-nftables--rules--qemu--masquerade)

##### <a name="-nftables--rules--qemu--interface"></a>`interface`

Data type: `String[1]`

Interface name used by the bridge.

Default value: `'virbr0'`

##### <a name="-nftables--rules--qemu--network_v4"></a>`network_v4`

Data type: `Stdlib::IP::Address::V4::CIDR`

The IPv4 network prefix used in the virtual network.

Default value: `'192.168.122.0/24'`

##### <a name="-nftables--rules--qemu--network_v6"></a>`network_v6`

Data type: `Optional[Stdlib::IP::Address::V6::CIDR]`

The IPv6 network prefix used in the virtual network.

Default value: `undef`

##### <a name="-nftables--rules--qemu--dns"></a>`dns`

Data type: `Boolean`

Allow DNS traffic from the guests to the host.

Default value: `true`

##### <a name="-nftables--rules--qemu--dhcpv4"></a>`dhcpv4`

Data type: `Boolean`

Allow DHCPv4 traffic from the guests to the host.

Default value: `true`

##### <a name="-nftables--rules--qemu--forward_traffic"></a>`forward_traffic`

Data type: `Boolean`

Allow forwarded traffic (out all, in related/established)
generated by the virtual network.

Default value: `true`

##### <a name="-nftables--rules--qemu--internal_traffic"></a>`internal_traffic`

Data type: `Boolean`

Allow guests in the virtual network to talk to each other.

Default value: `true`

##### <a name="-nftables--rules--qemu--masquerade"></a>`masquerade`

Data type: `Boolean`

Do NAT masquerade on all IPv4 traffic generated by guests
to external networks.

Default value: `true`

### <a name="nftables--rules--samba"></a>`nftables::rules::samba`

manage Samba, the suite that provides Windows file sharing on Linux hosts.

#### Parameters

The following parameters are available in the `nftables::rules::samba` class:

* [`ctdb`](#-nftables--rules--samba--ctdb)

##### <a name="-nftables--rules--samba--ctdb"></a>`ctdb`

Data type: `Boolean`

Enable ctdb-driven clustered Samba setups.

Default value: `false`

### <a name="nftables--rules--smtp"></a>`nftables::rules::smtp`

manage in smtp

### <a name="nftables--rules--smtp_submission"></a>`nftables::rules::smtp_submission`

manage in smtp submission

### <a name="nftables--rules--smtps"></a>`nftables::rules::smtps`

manage in smtps

### <a name="nftables--rules--ssh"></a>`nftables::rules::ssh`

manage in ssh

#### Parameters

The following parameters are available in the `nftables::rules::ssh` class:

* [`ports`](#-nftables--rules--ssh--ports)

##### <a name="-nftables--rules--ssh--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

ssh ports

Default value: `[22]`

### <a name="nftables--rules--tor"></a>`nftables::rules::tor`

manage in tor

#### Parameters

The following parameters are available in the `nftables::rules::tor` class:

* [`ports`](#-nftables--rules--tor--ports)

##### <a name="-nftables--rules--tor--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

ports for tor

Default value: `[9001]`

### <a name="nftables--rules--wireguard"></a>`nftables::rules::wireguard`

manage in wireguard

#### Parameters

The following parameters are available in the `nftables::rules::wireguard` class:

* [`ports`](#-nftables--rules--wireguard--ports)

##### <a name="-nftables--rules--wireguard--ports"></a>`ports`

Data type: `Array[Stdlib::Port,1]`

wireguard ports

Default value: `[51820]`

### <a name="nftables--services--dhcpv6_client"></a>`nftables::services::dhcpv6_client`

Allow inbound and outbound traffic for a DHCPv6 client

### <a name="nftables--services--openafs_client"></a>`nftables::services::openafs_client`

Open inbound and outbound ports for an AFS client

## Defined types

### <a name="nftables--chain"></a>`nftables::chain`

manage a chain

#### Parameters

The following parameters are available in the `nftables::chain` defined type:

* [`table`](#-nftables--chain--table)
* [`chain`](#-nftables--chain--chain)
* [`inject`](#-nftables--chain--inject)
* [`inject_iif`](#-nftables--chain--inject_iif)
* [`inject_oif`](#-nftables--chain--inject_oif)

##### <a name="-nftables--chain--table"></a>`table`

Data type: `Pattern[/^(ip|ip6|inet|netdev|bridge)-[a-zA-Z0-9_]+$/]`

Default value: `'inet-filter'`

##### <a name="-nftables--chain--chain"></a>`chain`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### <a name="-nftables--chain--inject"></a>`inject`

Data type: `Optional[Pattern[/^\d\d-[a-zA-Z0-9_]+$/]]`

Default value: `undef`

##### <a name="-nftables--chain--inject_iif"></a>`inject_iif`

Data type: `Optional[String]`

Default value: `undef`

##### <a name="-nftables--chain--inject_oif"></a>`inject_oif`

Data type: `Optional[String]`

Default value: `undef`

### <a name="nftables--config"></a>`nftables::config`

manage a config snippet

#### Parameters

The following parameters are available in the `nftables::config` defined type:

* [`tablespec`](#-nftables--config--tablespec)
* [`content`](#-nftables--config--content)
* [`source`](#-nftables--config--source)
* [`prefix`](#-nftables--config--prefix)

##### <a name="-nftables--config--tablespec"></a>`tablespec`

Data type: `Pattern[/^\w+-\w+$/]`

Default value: `$title`

##### <a name="-nftables--config--content"></a>`content`

Data type: `Optional[String]`

Default value: `undef`

##### <a name="-nftables--config--source"></a>`source`

Data type: `Optional[Variant[String,Array[String,1]]]`

Default value: `undef`

##### <a name="-nftables--config--prefix"></a>`prefix`

Data type: `String`

Default value: `'custom-'`

### <a name="nftables--file"></a>`nftables::file`

Insert a file into the nftables configuration

#### Examples

##### Include a file that includes other files

```puppet
nftables::file{'geoip':
  content => @(EOT)
    include "/var/local/geoipsets/dbip/nftset/ipv4/*.ipv4"
    include "/var/local/geoipsets/dbip/nftset/ipv6/*.ipv6"
    |EOT,
}
```

#### Parameters

The following parameters are available in the `nftables::file` defined type:

* [`label`](#-nftables--file--label)
* [`content`](#-nftables--file--content)
* [`source`](#-nftables--file--source)
* [`prefix`](#-nftables--file--prefix)

##### <a name="-nftables--file--label"></a>`label`

Data type: `String[1]`

Unique name to include in filename.

Default value: `$title`

##### <a name="-nftables--file--content"></a>`content`

Data type: `Optional[String]`

The content to place in the file.

Default value: `undef`

##### <a name="-nftables--file--source"></a>`source`

Data type: `Optional[Variant[String,Array[String,1]]]`

A source to obtain the file content from.

Default value: `undef`

##### <a name="-nftables--file--prefix"></a>`prefix`

Data type: `String`

Prefix of the file name to be created. If left as `file-`, the file is
automatically included in the main nft configuration.

Default value: `'file-'`

### <a name="nftables--rule"></a>`nftables::rule`

Provides an interface to create a firewall rule

#### Examples

##### add a rule named 'myhttp' to the 'default_in' chain to allow incoming traffic to TCP port 80

```puppet
nftables::rule {
  'default_in-myhttp':
    content => 'tcp dport 80 accept',
}
```

##### add a rule named 'count' to the 'PREROUTING6' chain in table 'ip6 nat' to count traffic

```puppet
nftables::rule {
  'PREROUTING6-count':
    content => 'counter',
    table   => 'ip6-nat'
}
```

#### Parameters

The following parameters are available in the `nftables::rule` defined type:

* [`ensure`](#-nftables--rule--ensure)
* [`rulename`](#-nftables--rule--rulename)
* [`order`](#-nftables--rule--order)
* [`table`](#-nftables--rule--table)
* [`content`](#-nftables--rule--content)
* [`source`](#-nftables--rule--source)

##### <a name="-nftables--rule--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Should the rule be created.

Default value: `'present'`

##### <a name="-nftables--rule--rulename"></a>`rulename`

Data type: `Nftables::RuleName`

The symbolic name for the rule and to what chain to add it. The
format is defined by the Nftables::RuleName type.

Default value: `$title`

##### <a name="-nftables--rule--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

A number representing the order of the rule.

Default value: `'50'`

##### <a name="-nftables--rule--table"></a>`table`

Data type: `String`

The name of the table to add this rule to.

Default value: `'inet-filter'`

##### <a name="-nftables--rule--content"></a>`content`

Data type: `Optional[String]`

The raw statements that compose the rule represented using the nftables
language.

Default value: `undef`

##### <a name="-nftables--rule--source"></a>`source`

Data type: `Optional[Variant[String,Array[String,1]]]`

Same goal as content but sourcing the value from a file.

Default value: `undef`

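As an added example, not part of the module's own documentation, of `nftables::chain` and `nftables::rule` working together: a dedicated chain for a management interface, reached from `default_in` through the `inject` parameter. The `inject` value has the form `<order>-<parent chain>` (see its `Pattern` above), so `'20-default_in'` places the jump into `default_in` at order 20, ahead of rules that keep the `nftables::rule` default order of `'50'`; `inject_iif` restricts the jump to packets arriving on one interface. Interface name, address range and the chain name are assumptions for illustration.

```puppet
# Added example (not from the module): a per-interface allowlist chain.
# 'eth1', 192.0.2.0/24 and the chain name are illustrative assumptions.
nftables::chain { 'mgmt_in':
  inject     => '20-default_in', # jump from default_in, order 20
  inject_iif => 'eth1',          # only for packets that arrived on eth1
}

# Rules in the new chain; the part of the title before the dash names
# the chain, the part after it is the rule's symbolic name.
nftables::rule { 'mgmt_in-ssh':
  order   => '10',
  content => 'ip saddr 192.0.2.0/24 tcp dport 22 accept',
}

nftables::rule { 'mgmt_in-icmp':
  order   => '20',
  content => 'ip protocol icmp accept',
}

# Everything else that arrived on eth1 is dropped here and never reaches
# the service rules further down default_in.
nftables::rule { 'mgmt_in-drop':
  order   => '90',
  content => 'counter drop',
}
```

The final `counter drop` turns the chain into an allowlist for that interface, which is only correct if reply traffic (established/related connection tracking) is accepted before the jump at order 20; check the generated ordering with `nft list ruleset` after the first run before relying on it, and use `ensure => 'absent'` on a rule rather than deleting the resource when you need to retire one.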
### <a name="nftables--rules--dnat4"></a>`nftables::rules::dnat4`

manage an IPv4 DNAT rule

#### Parameters

The following parameters are available in the `nftables::rules::dnat4` defined type:

* [`daddr`](#-nftables--rules--dnat4--daddr)
* [`port`](#-nftables--rules--dnat4--port)
* [`rulename`](#-nftables--rules--dnat4--rulename)
* [`order`](#-nftables--rules--dnat4--order)
* [`chain`](#-nftables--rules--dnat4--chain)
* [`iif`](#-nftables--rules--dnat4--iif)
* [`proto`](#-nftables--rules--dnat4--proto)
* [`dport`](#-nftables--rules--dnat4--dport)
* [`ensure`](#-nftables--rules--dnat4--ensure)

##### <a name="-nftables--rules--dnat4--daddr"></a>`daddr`

Data type: `Pattern[/^[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}\.[12]?\d{1,2}$/]`

##### <a name="-nftables--rules--dnat4--port"></a>`port`

Data type: `Variant[String,Stdlib::Port]`

##### <a name="-nftables--rules--dnat4--rulename"></a>`rulename`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### <a name="-nftables--rules--dnat4--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

Default value: `'50'`

##### <a name="-nftables--rules--dnat4--chain"></a>`chain`

Data type: `String[1]`

Default value: `'default_fwd'`

##### <a name="-nftables--rules--dnat4--iif"></a>`iif`

Data type: `Optional[String[1]]`

Default value: `undef`

##### <a name="-nftables--rules--dnat4--proto"></a>`proto`

Data type: `Enum['tcp','udp']`

Default value: `'tcp'`

##### <a name="-nftables--rules--dnat4--dport"></a>`dport`

Data type: `Optional[Variant[String,Stdlib::Port]]`

Default value: `undef`

##### <a name="-nftables--rules--dnat4--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`

### <a name="nftables--rules--masquerade"></a>`nftables::rules::masquerade`

masquerade all outgoing traffic

#### Parameters

The following parameters are available in the `nftables::rules::masquerade` defined type:

* [`rulename`](#-nftables--rules--masquerade--rulename)
* [`order`](#-nftables--rules--masquerade--order)
* [`chain`](#-nftables--rules--masquerade--chain)
* [`oif`](#-nftables--rules--masquerade--oif)
* [`saddr`](#-nftables--rules--masquerade--saddr)
* [`daddr`](#-nftables--rules--masquerade--daddr)
* [`proto`](#-nftables--rules--masquerade--proto)
* [`dport`](#-nftables--rules--masquerade--dport)
* [`ensure`](#-nftables--rules--masquerade--ensure)

##### <a name="-nftables--rules--masquerade--rulename"></a>`rulename`

Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`

Default value: `$title`

##### <a name="-nftables--rules--masquerade--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

Default value: `'70'`

##### <a name="-nftables--rules--masquerade--chain"></a>`chain`

Data type: `String[1]`

Default value: `'POSTROUTING'`

##### <a name="-nftables--rules--masquerade--oif"></a>`oif`

Data type: `Optional[String[1]]`

Default value: `undef`

##### <a name="-nftables--rules--masquerade--saddr"></a>`saddr`

Data type: `Optional[String[1]]`

Default value: `undef`

##### <a name="-nftables--rules--masquerade--daddr"></a>`daddr`

Data type: `Optional[String[1]]`

Default value: `undef`

##### <a name="-nftables--rules--masquerade--proto"></a>`proto`

Data type: `Optional[Enum['tcp','udp']]`

Default value: `undef`

##### <a name="-nftables--rules--masquerade--dport"></a>`dport`

Data type: `Optional[Variant[String,Stdlib::Port]]`

Default value: `undef`

##### <a name="-nftables--rules--masquerade--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Default value: `'present'`

### <a name="nftables--rules--snat4"></a>`nftables::rules::snat4`
1653 e17693e3 Steve Traylen
1654
manage a ipv4 snat rule
1655
1656
#### Parameters
1657
1658 09cba182 Steve Traylen
The following parameters are available in the `nftables::rules::snat4` defined type:
1659
1660 c24d3118 Tim Meusel
* [`snat`](#-nftables--rules--snat4--snat)
1661
* [`rulename`](#-nftables--rules--snat4--rulename)
1662
* [`order`](#-nftables--rules--snat4--order)
1663
* [`chain`](#-nftables--rules--snat4--chain)
1664
* [`oif`](#-nftables--rules--snat4--oif)
1665
* [`saddr`](#-nftables--rules--snat4--saddr)
1666
* [`proto`](#-nftables--rules--snat4--proto)
1667
* [`dport`](#-nftables--rules--snat4--dport)
1668
* [`ensure`](#-nftables--rules--snat4--ensure)
1669 e17693e3 Steve Traylen
1670 c24d3118 Tim Meusel
##### <a name="-nftables--rules--snat4--snat"></a>`snat`
1671 e17693e3 Steve Traylen
1672
Data type: `String[1]`
1673
1674
1675
1676 c24d3118 Tim Meusel
##### <a name="-nftables--rules--snat4--rulename"></a>`rulename`
1677 e17693e3 Steve Traylen
1678
Data type: `Pattern[/^[a-zA-Z0-9_]+$/]`
1679
1680
1681
1682
Default value: `$title`
1683
1684 c24d3118 Tim Meusel
##### <a name="-nftables--rules--snat4--order"></a>`order`
1685 e17693e3 Steve Traylen
1686
Data type: `Pattern[/^\d\d$/]`
1687
1688
1689
1690
Default value: `'70'`
1691
1692 c24d3118 Tim Meusel
##### <a name="-nftables--rules--snat4--chain"></a>`chain`
1693 e17693e3 Steve Traylen
1694
Data type: `String[1]`
1695
1696
1697
1698
Default value: `'POSTROUTING'`
1699
1700 c24d3118 Tim Meusel
##### <a name="-nftables--rules--snat4--oif"></a>`oif`
1701 e17693e3 Steve Traylen
1702
Data type: `Optional[String[1]]`
1703
1704
1705
1706 c24d3118 Tim Meusel
Default value: `undef`
1707 e17693e3 Steve Traylen
1708 c24d3118 Tim Meusel
##### <a name="-nftables--rules--snat4--saddr"></a>`saddr`
1709 e17693e3 Steve Traylen
1710
Data type: `Optional[String[1]]`
1711
1712
1713
1714 c24d3118 Tim Meusel
Default value: `undef`
1715 e17693e3 Steve Traylen
1716 c24d3118 Tim Meusel
##### <a name="-nftables--rules--snat4--proto"></a>`proto`
1717 e17693e3 Steve Traylen
1718
Data type: `Optional[Enum['tcp','udp']]`
1719
1720
1721
1722 c24d3118 Tim Meusel
Default value: `undef`
1723 e17693e3 Steve Traylen
1724 c24d3118 Tim Meusel
##### <a name="-nftables--rules--snat4--dport"></a>`dport`
1725 e17693e3 Steve Traylen
1726 bc1b0f1a Steve Traylen
Data type: `Optional[Variant[String,Stdlib::Port]]`
1727 e17693e3 Steve Traylen
1728
1729
1730 c24d3118 Tim Meusel
Default value: `undef`
1731 e17693e3 Steve Traylen
1732 c24d3118 Tim Meusel
##### <a name="-nftables--rules--snat4--ensure"></a>`ensure`
1733 e17693e3 Steve Traylen
1734
Data type: `Enum['present','absent']`
1735
1736
1737
1738
Default value: `'present'`
1739
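The two NAT defined types above share the same match parameters (`oif`, `saddr`, `proto`, `dport`) and both default to the `POSTROUTING` chain at order `'70'`. The following is an added example, not taken from the module's own documentation, showing one masquerade rule for a LAN range and one static SNAT rule that pins a single host's outbound HTTPS to a fixed address, plus a rule being retired with `ensure => 'absent'`. The interface names and all addresses are constructed placeholders, and the example assumes the `ip nat` table that holds `POSTROUTING` is managed on the host (the module's `nftables::ip_nat` class).

```puppet
# Added example (not part of the module). Interface names and addresses
# are constructed placeholders; adjust them to the host being managed.

# Masquerade everything that leaves the uplink from the LAN range.
# rulename defaults to the title, order to '70', chain to 'POSTROUTING'.
nftables::rules::masquerade { 'lan_masquerade':
  oif   => 'eth0',
  saddr => '192.168.10.0/24',
}

# Static SNAT for one host so its outbound TCP/443 traffic always leaves
# with a predictable source address. A fixed address is easier to
# allow-list on the remote side and to attribute in remote logs.
# order '60' sorts this rule ahead of the general masquerade rule.
nftables::rules::snat4 { 'backup_host_snat':
  snat  => '203.0.113.10',
  oif   => 'eth0',
  saddr => '192.168.10.50',
  proto => 'tcp',
  dport => 443,
  order => '60',
}

# Retire a rule while keeping its declaration under version control:
# with ensure => 'absent' the rule is no longer emitted.
nftables::rules::masquerade { 'old_guest_masquerade':
  ensure => 'absent',
  oif    => 'eth1',
  saddr  => '192.168.20.0/24',
}
```

Keeping the specific SNAT rule at a lower `order` than the catch-all masquerade makes the intent visible in the manifest rather than relying on declaration order.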
### <a name="nftables--set"></a>`nftables::set`

manage a named set

#### Examples

##### simple set

```puppet
nftables::set{'my_set':
  type       => 'ipv4_addr',
  flags      => ['interval'],
  elements   => ['192.168.0.1/24', '10.0.0.2'],
  auto_merge => true,
}
```

#### Parameters

The following parameters are available in the `nftables::set` defined type:

* [`ensure`](#-nftables--set--ensure)
* [`setname`](#-nftables--set--setname)
* [`order`](#-nftables--set--order)
* [`type`](#-nftables--set--type)
* [`table`](#-nftables--set--table)
* [`flags`](#-nftables--set--flags)
* [`timeout`](#-nftables--set--timeout)
* [`gc_interval`](#-nftables--set--gc_interval)
* [`elements`](#-nftables--set--elements)
* [`size`](#-nftables--set--size)
* [`policy`](#-nftables--set--policy)
* [`auto_merge`](#-nftables--set--auto_merge)
* [`content`](#-nftables--set--content)
* [`source`](#-nftables--set--source)

##### <a name="-nftables--set--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

should the set be created.

Default value: `'present'`

##### <a name="-nftables--set--setname"></a>`setname`

Data type: `Pattern[/^[-a-zA-Z0-9_]+$/]`

name of the set, equal to the title.

Default value: `$title`

##### <a name="-nftables--set--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

concat ordering.

Default value: `'10'`

##### <a name="-nftables--set--type"></a>`type`

Data type: `Optional[Enum['ipv4_addr', 'ipv6_addr', 'ether_addr', 'inet_proto', 'inet_service', 'mark']]`

type of set.

Default value: `undef`

##### <a name="-nftables--set--table"></a>`table`

Data type: `Variant[String, Array[String, 1]]`

table or array of tables to add the set to.

Default value: `'inet-filter'`

##### <a name="-nftables--set--flags"></a>`flags`

Data type: `Array[Enum['constant', 'dynamic', 'interval', 'timeout'], 0, 4]`

specify flags for the set.

Default value: `[]`

##### <a name="-nftables--set--timeout"></a>`timeout`

Data type: `Optional[Integer]`

timeout in seconds.

Default value: `undef`

##### <a name="-nftables--set--gc_interval"></a>`gc_interval`

Data type: `Optional[Integer]`

garbage collection interval.

Default value: `undef`

##### <a name="-nftables--set--elements"></a>`elements`

Data type: `Optional[Array[String]]`

initialize the set with some elements in it.

Default value: `undef`

##### <a name="-nftables--set--size"></a>`size`

Data type: `Optional[Integer]`

limits the maximum number of elements of the set.

Default value: `undef`

##### <a name="-nftables--set--policy"></a>`policy`

Data type: `Optional[Enum['performance', 'memory']]`

determines set selection policy.

Default value: `undef`

##### <a name="-nftables--set--auto_merge"></a>`auto_merge`

Data type: `Boolean`

enable nftables auto-merge: adjacent or overlapping elements of an interval set are merged automatically.

Default value: `false`

##### <a name="-nftables--set--content"></a>`content`

Data type: `Optional[String]`

specify content of set.

Default value: `undef`

##### <a name="-nftables--set--source"></a>`source`

Data type: `Optional[Variant[String,Array[String,1]]]`

specify source of set.

Default value: `undef`

### <a name="nftables--simplerule"></a>`nftables::simplerule`

Provides a simplified interface to nftables::rule

#### Examples

##### allow incoming traffic from port 541 on port 543 TCP to a given IP range and count packets

```puppet
nftables::simplerule{'my_service_in':
  action  => 'accept',
  comment => 'allow traffic to port 543',
  counter => true,
  proto   => 'tcp',
  dport   => 543,
  daddr   => '2001:1458::/32',
  sport   => 541,
}
```

#### Parameters

The following parameters are available in the `nftables::simplerule` defined type:

* [`ensure`](#-nftables--simplerule--ensure)
* [`rulename`](#-nftables--simplerule--rulename)
* [`order`](#-nftables--simplerule--order)
* [`chain`](#-nftables--simplerule--chain)
* [`table`](#-nftables--simplerule--table)
* [`action`](#-nftables--simplerule--action)
* [`comment`](#-nftables--simplerule--comment)
* [`dport`](#-nftables--simplerule--dport)
* [`proto`](#-nftables--simplerule--proto)
* [`daddr`](#-nftables--simplerule--daddr)
* [`set_type`](#-nftables--simplerule--set_type)
* [`sport`](#-nftables--simplerule--sport)
* [`saddr`](#-nftables--simplerule--saddr)
* [`counter`](#-nftables--simplerule--counter)

##### <a name="-nftables--simplerule--ensure"></a>`ensure`

Data type: `Enum['present','absent']`

Should the rule be created.

Default value: `'present'`

##### <a name="-nftables--simplerule--rulename"></a>`rulename`

Data type: `Nftables::SimpleRuleName`

The symbolic name for the rule to add. Defaults to the resource's title.

Default value: `$title`

##### <a name="-nftables--simplerule--order"></a>`order`

Data type: `Pattern[/^\d\d$/]`

A number representing the order of the rule.

Default value: `'50'`

##### <a name="-nftables--simplerule--chain"></a>`chain`

Data type: `String`

The name of the chain to add this rule to.

Default value: `'default_in'`

##### <a name="-nftables--simplerule--table"></a>`table`

Data type: `String`

The name of the table to add this rule to.

Default value: `'inet-filter'`

##### <a name="-nftables--simplerule--action"></a>`action`

Data type: `Enum['accept', 'continue', 'drop', 'queue', 'return']`

The verdict for the matched traffic.

Default value: `'accept'`

##### <a name="-nftables--simplerule--comment"></a>`comment`

Data type: `Optional[String]`

A typically human-readable comment for the rule.

Default value: `undef`

##### <a name="-nftables--simplerule--dport"></a>`dport`

Data type: `Optional[Nftables::Port]`

The destination port, ports or port range.

Default value: `undef`

##### <a name="-nftables--simplerule--proto"></a>`proto`

Data type: `Optional[Enum['tcp', 'tcp4', 'tcp6', 'udp', 'udp4', 'udp6']]`

The transport-layer protocol to match.

Default value: `undef`

##### <a name="-nftables--simplerule--daddr"></a>`daddr`

Data type: `Optional[Nftables::Addr]`

The destination address, CIDR or set to match.

Default value: `undef`

##### <a name="-nftables--simplerule--set_type"></a>`set_type`

Data type: `Enum['ip', 'ip6']`

When using sets as saddr or daddr, the type of the set.
Use `ip` for sets of type `ipv4_addr`.

Default value: `'ip6'`

##### <a name="-nftables--simplerule--sport"></a>`sport`

Data type: `Optional[Nftables::Port]`

The source port, ports or port range.

Default value: `undef`

##### <a name="-nftables--simplerule--saddr"></a>`saddr`

Data type: `Optional[Nftables::Addr]`

The source address, CIDR or set to match.

Default value: `undef`

##### <a name="-nftables--simplerule--counter"></a>`counter`

Data type: `Boolean`

Enable traffic counters for the matched traffic.

Default value: `false`

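`nftables::set` and `nftables::simplerule` are meant to be combined: a rule's `saddr` or `daddr` may name a set with the `@name` form of `Nftables::Addr::Set`, and `set_type` tells the rule whether that set holds IPv4 or IPv6 addresses. The following is an added example (not from the module's documentation) that builds a management allow-list as an interval set, accepts two service ports only from that set, drops and counts everything else aimed at those ports, and also shows the array and range forms of `Nftables::Port`. All addresses and port numbers are constructed placeholders; the set and the rules rely on the shared default table `inet-filter` and chain `default_in`.

```puppet
# Added example (not part of the module). Addresses and ports are
# constructed placeholders.

# Interval set of management networks, in the default table 'inet-filter'
# so rules in that table can reference it as @mgmt_nets. auto_merge lets
# overlapping or adjacent prefixes be loaded without nft rejecting the set.
nftables::set { 'mgmt_nets':
  type       => 'ipv4_addr',
  flags      => ['interval'],
  elements   => ['10.20.0.0/24', '10.20.1.0/24', '192.0.2.15'],
  auto_merge => true,
}

# Accept SSH and the monitoring agent only from the management set.
# dport takes an array of ports (Nftables::Port). The set is ipv4_addr,
# so set_type must be 'ip' rather than the 'ip6' default.
nftables::simplerule { 'mgmt_in':
  action   => 'accept',
  comment  => 'management access from mgmt_nets only',
  counter  => true,
  proto    => 'tcp',
  dport    => [22, 9100],
  saddr    => '@mgmt_nets',
  set_type => 'ip',
}

# Anything else aimed at the same ports is dropped explicitly, sorted after
# the accept rule by its higher order. The counter makes the drop visible
# in the ruleset listing, a cheap signal that the management ports are
# being probed from outside the allow-list.
nftables::simplerule { 'mgmt_in_drop':
  action  => 'drop',
  comment => 'management ports from outside mgmt_nets',
  counter => true,
  proto   => 'tcp',
  dport   => [22, 9100],
  order   => '60',
}

# Port range form of Nftables::Port (Nftables::Port::Range, 'low-high')
# with a plain IPv6 CIDR as daddr instead of a set.
nftables::simplerule { 'app_range_in':
  action  => 'accept',
  comment => 'application port range to the v6 service prefix',
  proto   => 'tcp',
  dport   => '8000-8010',
  daddr   => '2001:db8::/32',
}
```

The explicit drop rule is optional when the chain's policy already drops, but pairing it with `counter => true` turns a silent default into a measurable one.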
## Data types

### <a name="Nftables--Addr"></a>`Nftables::Addr`

Represents an address expression to be used within a rule.

Alias of `Variant[Stdlib::IP::Address::V6, Stdlib::IP::Address::V4, Nftables::Addr::Set]`

### <a name="Nftables--Addr--Set"></a>`Nftables::Addr::Set`

Represents a set expression to be used within a rule.

Alias of `Pattern[/^@[-a-zA-Z0-9_]+$/]`

### <a name="Nftables--Port"></a>`Nftables::Port`

Represents a port expression to be used within a rule.

Alias of `Variant[Array[Stdlib::Port, 1], Stdlib::Port, Nftables::Port::Range]`

### <a name="Nftables--Port--Range"></a>`Nftables::Port::Range`

Represents a port range expression to be used within a rule.

Alias of `Pattern[/^\d+-\d+$/]`

### <a name="Nftables--RuleName"></a>`Nftables::RuleName`

Represents a rule name to be used in a raw rule created via nftables::rule.
It is a dash-separated string. The first component describes the chain to
add the rule to, the second the rule name and the (optional) third a number.
Ex: 'default_in-sshd', 'default_out-my_service-2'.

Alias of `Pattern[/^[a-zA-Z0-9_]+-[a-zA-Z0-9_]+(-\d+)?$/]`

### <a name="Nftables--SimpleRuleName"></a>`Nftables::SimpleRuleName`

Represents a simple rule name to be used in a rule created via nftables::simplerule.

Alias of `Pattern[/^[a-zA-Z0-9_]+(-\d+)?$/]`