add proto_options to enable usage of icmp types

author: Kilian Engelhardt <kilian.engelhardt@godaddy.com> 2018-07-13 18:14:22 +0200
committer: Tim Meusel <tim@bastelfreak.de> 2018-07-13 18:51:54 +0200
commit: 65ebfd9de601225b1fab19580cef85d80fce6988 (patch)
tree: f4f241fbd50e9662795283ebf72f1623f9b7e3b7 /README.md
parent: 0d5ef0c562710395b17fe10b6a1096ed43f58bed (diff)
download: puppet-ferm-65ebfd9de601225b1fab19580cef85d80fce6988.tar.gz
puppet-ferm-65ebfd9de601225b1fab19580cef85d80fce6988.tar.bz2
1 files changed, 14 insertions, 0 deletions
diff --git a/README.md b/README.md
index 9317a24..b4d0705 100644
--- a/README.md
+++ b/README.md
@@ -131,6 +131,20 @@ The desired policy. Allowed values are Enum['ACCEPT','DROP', 'REJECT']
 
 the protocol we would like to filter. Allowed values are Enum['icmp', 'tcp', 'udp']
 
+### `proto_options`
+
+The protocol options we would like to add.
+The following example will suppress the hostname in programs like `traceroute`:
+```yaml
+---
+ferm::rules:
+  'drop_output_traceroute':
+    chain: 'OUTPUT'
+    policy: 'DROP'
+    proto: 'icmp'
+    proto_options: 'icmp-type time-exceeded'
+```
+
 #### `comment`
 
 A comment that will be written into the file and into ip(6)tables
author	Kilian Engelhardt <kilian.engelhardt@godaddy.com>	2018-07-13 18:14:22 +0200
committer	Tim Meusel <tim@bastelfreak.de>	2018-07-13 18:51:54 +0200
commit	65ebfd9de601225b1fab19580cef85d80fce6988 (patch)
tree	f4f241fbd50e9662795283ebf72f1623f9b7e3b7 /README.md
parent	0d5ef0c562710395b17fe10b6a1096ed43f58bed (diff)
download	puppet-ferm-65ebfd9de601225b1fab19580cef85d80fce6988.tar.gz puppet-ferm-65ebfd9de601225b1fab19580cef85d80fce6988.tar.bz2