diff options
| author | Thore Bödecker <thore.boedecker@godaddy.com> | 2019-07-10 16:37:50 +0200 |
|---|---|---|
| committer | Tim Meusel <tim@bastelfreak.de> | 2019-09-02 11:19:00 +0200 |
| commit | 859f8ba5cb553d66c9dcdbc232d17a0b641624df (patch) | |
| tree | df30502ab574dd029636662f8bf4b06bbe182b07 /REFERENCE.md | |
| parent | ba10de286c634715931103031ad3bf20ce56ca14 (diff) | |
| download | puppet-ferm-859f8ba5cb553d66c9dcdbc232d17a0b641624df.tar.gz puppet-ferm-859f8ba5cb553d66c9dcdbc232d17a0b641624df.tar.bz2 | |
allow preserving of chains in tables
Diffstat (limited to 'REFERENCE.md')
| -rw-r--r-- | REFERENCE.md | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/REFERENCE.md b/REFERENCE.md index 44d7034..39ba310 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -7,7 +7,7 @@ _Public Classes_ -* [`ferm`](#ferm): Class: ferm This class manages ferm installation and rule generation on modern linux systems class{'ferm': manage_service => true, ip_v +* [`ferm`](#ferm): This class manages ferm installation and rule generation on modern linux systems _Private Classes_ @@ -31,19 +31,38 @@ _Private Classes_ Class: ferm -This class manages ferm installation and rule generation on modern linux systems +#### Examples -class{'ferm': - manage_service => true, - ip_versions => ['ip6'], -} +##### deploy ferm without any configured rules, but also don't start the service or modify existing config files -#### Examples +```puppet +include ferm +``` -##### deploy ferm and start it, on node with only ipv6 enabled +##### deploy ferm and start it, on nodes with only ipv6 enabled ```puppet +class{'ferm': + manage_service => true, + ip_versions => ['ip6'], +} +``` +##### deploy ferm and don't touch chains from other software, like fail2ban and docker + +```puppet +class{'ferm': + manage_service => true, + preserve_chains_in_tables => { + 'filter' => [ + 'f2b-sshd', + 'DOCKER', + 'DOCKER-ISOLATION-STAGE-1', + 'DOCKER-ISOLATION-STAGE-2', + 'DOCKER-USER', + ] + } +} ``` #### Parameters @@ -161,6 +180,15 @@ Data type: `Array[Enum['ip','ip6']]` Set list of versions of ip we want ot use. Default value: ['ip', 'ip6'] +##### `preserve_chains_in_tables` + +Data type: `Hash[String[1],Array[String[1]]]` + +Hash with table:chains[] to use ferm @preserve for +Default value: Empty Hash +Allowed values: Hash with a list of tables and chains in it to preserve +Example: {'nat' => ['PREROUTING', 'POSTROUTING']} + ## Defined types ### ferm::chain |