-rw-r--r--REFERENCE.md59
-rw-r--r--data/Archlinux.yaml3
-rw-r--r--data/RedHat.yaml3
-rw-r--r--data/Ubuntu.yaml1
-rw-r--r--data/common.yaml19
-rw-r--r--hiera.yaml3
-rw-r--r--manifests/init.pp59
7 files changed, 52 insertions, 95 deletions
diff --git a/REFERENCE.md b/REFERENCE.md
index 5ab5f0b..75dfe6f 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -76,129 +76,126 @@ The following parameters are available in the `ferm` class.
Data type: `Boolean`
Disable/Enable the management of the ferm daemon
-Default value: false
-Allowed values: (true|false)
+
+Default value: `false`
##### `manage_configfile`
Data type: `Boolean`
Disable/Enable the management of the ferm default config
-Default value: false
-Allowed values: (true|false)
+
+Default value: `false`
##### `manage_initfile`
Data type: `Boolean`
Disable/Enable the management of the ferm init script for RedHat-based OS
-Default value: false
-Allowed values: (true|false)
+
+Default value: `false`
##### `configfile`
Data type: `Stdlib::Absolutepath`
Path to the config file
-Default value: /etc/ferm.conf
-Allowed values: Stdlib::Absolutepath
##### `configdirectory`
Data type: `Stdlib::Absolutepath`
Path to the directory where the module stores ferm configuration files
-Default value: /etc/ferm.d or /etc/ferm/ferm.d
-Allowed values: Stdlib::Absolutepath
##### `disable_conntrack`
Data type: `Boolean`
Disable/Enable the generation of conntrack rules
-Default value: false
-Allowed values: (true|false)
+
+Default value: `false`
##### `forward_policy`
Data type: `Ferm::Policies`
Default policy for the FORWARD chain
-Default value: DROP
-Allowed values: (ACCEPT|DROP)
+
+Default value: 'DROP'
##### `output_policy`
Data type: `Ferm::Policies`
Default policy for the OUTPUT chain
-Default value: ACCEPT
-Allowed values: (ACCEPT|DROP)
+
+Default value: 'ACCEPT'
##### `input_policy`
Data type: `Ferm::Policies`
Default policy for the INPUT chain
-Default value: DROP
-Allowed values: (ACCEPT|DROP)
+
+Default value: 'DROP'
##### `rules`
Data type: `Hash`
A hash that holds all data for ferm::rule
-Default value: Empty Hash
-Allowed value: Any Hash
+
+Default value: {}
##### `chains`
Data type: `Hash`
A hash that holds all data for ferm::chain
-Default value: Empty Hash
-Allowed value: Any Hash
+
+Default value: {}
##### `forward_log_dropped_packets`
Data type: `Boolean`
Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched
-Default value: false
-Allowed values: (true|false)
+
+Default value: `false`
##### `output_log_dropped_packets`
Data type: `Boolean`
Enable/Disable logging in the OUTPUT chain of packets to the kernel log, if no explicit chain matched
-Default value: false
-Allowed values: (true|false)
+
+Default value: `false`
##### `input_log_dropped_packets`
Data type: `Boolean`
Enable/Disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched
-Default value: false
-Allowed values: (true|false)
+
+Default value: `false`
##### `ip_versions`
Data type: `Array[Enum['ip','ip6']]`
Set list of versions of ip we want ot use.
-Default value: ['ip', 'ip6']
+
+Default value: ['ip','ip6']
##### `preserve_chains_in_tables`
Data type: `Hash[String[1],Array[String[1]]]`
Hash with table:chains[] to use ferm @preserve for
-Default value: Empty Hash
-Allowed values: Hash with a list of tables and chains in it to preserve
Example: {'nat' => ['PREROUTING', 'POSTROUTING']}
+Default value: {}
+
## Defined types
### ferm::chain
diff --git a/data/Archlinux.yaml b/data/Archlinux.yaml
new file mode 100644
index 0000000..6b05d2f
--- /dev/null
+++ b/data/Archlinux.yaml
@@ -0,0 +1,3 @@
+---
+ferm::configfile: /etc/ferm.conf
+ferm::configdirectory: /etc/ferm.d
diff --git a/data/RedHat.yaml b/data/RedHat.yaml
new file mode 100644
index 0000000..6b05d2f
--- /dev/null
+++ b/data/RedHat.yaml
@@ -0,0 +1,3 @@
+---
+ferm::configfile: /etc/ferm.conf
+ferm::configdirectory: /etc/ferm.d
diff --git a/data/Ubuntu.yaml b/data/Ubuntu.yaml
index f580a8f..cb30553 100644
--- a/data/Ubuntu.yaml
+++ b/data/Ubuntu.yaml
@@ -1,2 +1,3 @@
---
ferm::configfile: /etc/ferm/ferm.conf
+ferm::configdirectory: /etc/ferm.d
diff --git a/data/common.yaml b/data/common.yaml
deleted file mode 100644
index 34392e9..0000000
--- a/data/common.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-ferm::manage_service: false
-ferm::manage_configfile: false
-ferm::manage_initfile: false
-ferm::disable_conntrack: false
-ferm::configfile: /etc/ferm.conf
-ferm::configdirectory: /etc/ferm.d
-ferm::input_policy: DROP
-ferm::forward_policy: DROP
-ferm::output_policy: ACCEPT
-ferm::preserve_chains_in_tables: {}
-ferm::rules: {}
-ferm::chains: {}
-ferm::input_log_dropped_packets: false
-ferm::forward_log_dropped_packets: false
-ferm::output_log_dropped_packets: false
-ferm::ip_versions:
- - ip
- - ip6
diff --git a/hiera.yaml b/hiera.yaml
index aa8c6ec..6b62091 100644
--- a/hiera.yaml
+++ b/hiera.yaml
@@ -15,5 +15,8 @@ hierarchy:
- name: 'Distribution Name'
path: '%{facts.os.name}.yaml'
+ - name: 'Operating System Family'
+ path: '%{facts.os.family}.yaml'
+
- name: 'common'
path: 'common.yaml'
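Review bot: The `common` layer kept at the bottom of this hierarchy points at `common.yaml`, which this same commit deletes (presumably the hierarchy's datadir is `data/`), so the last lookup level now resolves to nothing. Hiera skips a missing data file, so compilation is not affected, but the entry suggests a fallback that no longer exists. Either drop the `- name: 'common'` / `path: 'common.yaml'` pair, or put a comment above it such as `# no common.yaml: defaults live in the ferm class signature`. A short comment on the new layer would also help, noting that `RedHat.yaml` and `Archlinux.yaml` can now match through either `facts.os.name` or `facts.os.family`.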
diff --git a/manifests/init.pp b/manifests/init.pp
index 2f5e1ef..d8fd06a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -26,70 +26,39 @@
# }
#
# @param manage_service Disable/Enable the management of the ferm daemon
-# Default value: false
-# Allowed values: (true|false)
# @param manage_configfile Disable/Enable the management of the ferm default config
-# Default value: false
-# Allowed values: (true|false)
# @param manage_initfile Disable/Enable the management of the ferm init script for RedHat-based OS
-# Default value: false
-# Allowed values: (true|false)
# @param configfile Path to the config file
-# Default value: /etc/ferm.conf
-# Allowed values: Stdlib::Absolutepath
# @param configdirectory Path to the directory where the module stores ferm configuration files
-# Default value: /etc/ferm.d or /etc/ferm/ferm.d
-# Allowed values: Stdlib::Absolutepath
# @param disable_conntrack Disable/Enable the generation of conntrack rules
-# Default value: false
-# Allowed values: (true|false)
# @param forward_policy Default policy for the FORWARD chain
-# Default value: DROP
-# Allowed values: (ACCEPT|DROP)
# @param output_policy Default policy for the OUTPUT chain
-# Default value: ACCEPT
-# Allowed values: (ACCEPT|DROP)
# @param input_policy Default policy for the INPUT chain
-# Default value: DROP
-# Allowed values: (ACCEPT|DROP)
# @param rules A hash that holds all data for ferm::rule
-# Default value: Empty Hash
-# Allowed value: Any Hash
# @param chains A hash that holds all data for ferm::chain
-# Default value: Empty Hash
-# Allowed value: Any Hash
# @param forward_log_dropped_packets Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched
-# Default value: false
-# Allowed values: (true|false)
# @param output_log_dropped_packets Enable/Disable logging in the OUTPUT chain of packets to the kernel log, if no explicit chain matched
-# Default value: false
-# Allowed values: (true|false)
# @param input_log_dropped_packets Enable/Disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched
-# Default value: false
-# Allowed values: (true|false)
# @param ip_versions Set list of versions of ip we want ot use.
-# Default value: ['ip', 'ip6']
# @param preserve_chains_in_tables Hash with table:chains[] to use ferm @preserve for
-# Default value: Empty Hash
-# Allowed values: Hash with a list of tables and chains in it to preserve
# Example: {'nat' => ['PREROUTING', 'POSTROUTING']}
class ferm (
- Boolean $manage_service,
- Boolean $manage_configfile,
- Boolean $manage_initfile,
Stdlib::Absolutepath $configfile,
Stdlib::Absolutepath $configdirectory,
- Boolean $disable_conntrack,
- Ferm::Policies $forward_policy,
- Ferm::Policies $output_policy,
- Ferm::Policies $input_policy,
- Boolean $forward_log_dropped_packets,
- Boolean $output_log_dropped_packets,
- Boolean $input_log_dropped_packets,
- Hash $rules,
- Hash $chains,
- Array[Enum['ip','ip6']] $ip_versions,
- Hash[String[1],Array[String[1]]] $preserve_chains_in_tables,
+ Boolean $manage_service = false,
+ Boolean $manage_configfile = false,
+ Boolean $manage_initfile = false,
+ Boolean $disable_conntrack = false,
+ Ferm::Policies $forward_policy = 'DROP',
+ Ferm::Policies $output_policy = 'ACCEPT',
+ Ferm::Policies $input_policy = 'DROP',
+ Boolean $forward_log_dropped_packets = false,
+ Boolean $output_log_dropped_packets = false,
+ Boolean $input_log_dropped_packets = false,
+ Hash $rules = {},
+ Hash $chains = {},
+ Array[Enum['ip','ip6']] $ip_versions = ['ip','ip6'],
+ Hash[String[1],Array[String[1]]] $preserve_chains_in_tables = {},
) {
contain ferm::install
contain ferm::config
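Review bot: `$configfile` and `$configdirectory` remain the only parameters without a default in the signature, and the `data/common.yaml` fallback that used to supply both is removed in this commit. On any platform where neither the `os.name` nor the `os.family` data file defines both keys, catalog compilation will now stop with a missing-parameter error. This commit only touches Archlinux, RedHat and Ubuntu data, so whether other families (plain Debian, for example) are covered cannot be seen from here. For a firewall module, failing the compile is arguably safer than guessing a path, but it should be stated: extend the two `@param` lines, e.g. `# @param configfile Path to the config file; set from per-OS Hiera data, no fallback default`, and likewise for `configdirectory`. The class body continues past the end of this hunk.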