expose parameter to initialize custom chains

Previously it was not possible to define custom chains with parameter, e.g. in order to collect them from hiera. This commit adds this functionality, just like it was already in place for ferm::rules.
author: Thore Bödecker <me@foxxx0.de> 2019-09-11 16:07:44 +0200
committer: Thore Bödecker <me@foxxx0.de> 2019-09-11 16:54:19 +0200
commit: 8e4920c3ceef338432fa01f1f8d2f6597f9fff05 (patch)
tree: 9679fe9c45dd0741325c179aedaf5cc91dfd3225
parent: 6d96e030be0db4a916dd6a9bd0b25570d359e634 (diff)
download: puppet-ferm-8e4920c3ceef338432fa01f1f8d2f6597f9fff05.tar.gz
puppet-ferm-8e4920c3ceef338432fa01f1f8d2f6597f9fff05.tar.bz2
3 files changed, 19 insertions, 0 deletions
diff --git a/REFERENCE.md b/REFERENCE.md
index 19ffae0..33327c5 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -151,6 +151,14 @@ A hash that holds all data for ferm::rule
 Default value: Empty Hash
 Allowed value: Any Hash
 
+##### `chains`
+
+Data type: `Hash`
+
+A hash that holds all data for ferm::chain
+Default value: Empty Hash
+Allowed value: Any Hash
+
 ##### `forward_log_dropped_packets`
 
 Data type: `Boolean`
diff --git a/data/common.yaml b/data/common.yaml
index d40c155..34392e9 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -10,6 +10,7 @@ ferm::forward_policy: DROP
 ferm::output_policy: ACCEPT
 ferm::preserve_chains_in_tables: {}
 ferm::rules: {}
+ferm::chains: {}
 ferm::input_log_dropped_packets: false
 ferm::forward_log_dropped_packets: false
 ferm::output_log_dropped_packets: false
diff --git a/manifests/init.pp b/manifests/init.pp
index d2251c9..2f5e1ef 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -55,6 +55,9 @@
 # @param rules A hash that holds all data for ferm::rule
 #   Default value: Empty Hash
 #   Allowed value: Any Hash
+# @param chains A hash that holds all data for ferm::chain
+#   Default value: Empty Hash
+#   Allowed value: Any Hash
 # @param forward_log_dropped_packets Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched
 #   Default value: false
 #   Allowed values: (true|false)
@@ -84,6 +87,7 @@ class ferm (
   Boolean $output_log_dropped_packets,
   Boolean $input_log_dropped_packets,
   Hash $rules,
+  Hash $chains,
   Array[Enum['ip','ip6']] $ip_versions,
   Hash[String[1],Array[String[1]]] $preserve_chains_in_tables,
 ) {
@@ -98,6 +102,12 @@ class ferm (
   Ferm::Chain <| |>
   ~> Class['ferm::service']
 
+  $chains.each |$chainname, $attributes| {
+    ferm::chain{$chainname:
+      * => $attributes,
+    }
+  }
+
   $rules.each |$rulename, $attributes| {
     ferm::rule{$rulename:
       * => $attributes,
author	Thore Bödecker <me@foxxx0.de>	2019-09-11 16:07:44 +0200
committer	Thore Bödecker <me@foxxx0.de>	2019-09-11 16:54:19 +0200
commit	8e4920c3ceef338432fa01f1f8d2f6597f9fff05 (patch)
tree	9679fe9c45dd0741325c179aedaf5cc91dfd3225
parent	6d96e030be0db4a916dd6a9bd0b25570d359e634 (diff)
download	puppet-ferm-8e4920c3ceef338432fa01f1f8d2f6597f9fff05.tar.gz puppet-ferm-8e4920c3ceef338432fa01f1f8d2f6597f9fff05.tar.bz2