author | Tim Meusel <tim@bastelfreak.de> | 2019-09-02 12:40:55 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-09-02 12:40:55 +0200 |
commit | c6540af81cdf3b1bea85bbf3d8f8aa07eef10bcd (patch) | |
tree | df30502ab574dd029636662f8bf4b06bbe182b07 /REFERENCE.md | |
parent | ba10de286c634715931103031ad3bf20ce56ca14 (diff) | |
parent | 859f8ba5cb553d66c9dcdbc232d17a0b641624df (diff) | |
Merge pull request #55 from bastelfreak/chains
allow preserving of chains in tables
Diffstat (limited to 'REFERENCE.md')
-rw-r--r-- | REFERENCE.md | 44 |
1 files changed, 36 insertions, 8 deletions
diff --git a/REFERENCE.md b/REFERENCE.md index 44d7034..39ba310 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -7,7 +7,7 @@ _Public Classes_ -* [`ferm`](#ferm): Class: ferm This class manages ferm installation and rule generation on modern linux systems class{'ferm': manage_service => true, ip_v +* [`ferm`](#ferm): This class manages ferm installation and rule generation on modern linux systems _Private Classes_ @@ -31,19 +31,38 @@ _Private Classes_ Class: ferm -This class manages ferm installation and rule generation on modern linux systems +#### Examples -class{'ferm': - manage_service => true, - ip_versions => ['ip6'], -} +##### deploy ferm without any configured rules, but also don't start the service or modify existing config files -#### Examples +```puppet +include ferm +``` -##### deploy ferm and start it, on node with only ipv6 enabled +##### deploy ferm and start it, on nodes with only ipv6 enabled ```puppet +class{'ferm': + manage_service => true, + ip_versions => ['ip6'], +} +``` +##### deploy ferm and don't touch chains from other software, like fail2ban and docker + +```puppet +class{'ferm': + manage_service => true, + preserve_chains_in_tables => { + 'filter' => [ + 'f2b-sshd', + 'DOCKER', + 'DOCKER-ISOLATION-STAGE-1', + 'DOCKER-ISOLATION-STAGE-2', + 'DOCKER-USER', + ] + } +} ``` #### Parameters @@ -161,6 +180,15 @@ Data type: `Array[Enum['ip','ip6']]` Set list of versions of ip we want ot use. Default value: ['ip', 'ip6'] +##### `preserve_chains_in_tables` + +Data type: `Hash[String[1],Array[String[1]]]` + +Hash with table:chains[] to use ferm @preserve for +Default value: Empty Hash +Allowed values: Hash with a list of tables and chains in it to preserve +Example: {'nat' => ['PREROUTING', 'POSTROUTING']} + ## Defined types ### ferm::chain |
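Review bot: in the hunk at @@ -31,19 +31,38 @@, the new fail2ban/docker example lists chains only under `'filter'`, while its heading promises not to touch chains from that software in general. `preserve_chains_in_tables` is keyed by table, so a reader who copies the example preserves nothing outside `filter`. Suggest narrowing the heading to say it covers the filter table, or adding a sentence that every further table (the parameter description uses `'nat'`) needs its own key.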
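Review bot: in the hunk at @@ -161,6 +180,15 @@, the type `Hash[String[1],Array[String[1]]]` accepts any non-empty string as a table key, so a misspelt table name passes validation. `ip_versions` in the context lines just above is constrained with `Array[Enum['ip','ip6']]`, and the keys here could be constrained the same way to the table names the module supports. The description "Hash with table:chains[] to use ferm @preserve for" should also say what preserving means for the operator, namely that existing rules in the listed chains are kept when ferm applies its ruleset.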