Diffstat (limited to 'REFERENCE.md')
-rw-r--r-- | REFERENCE.md | 48 |
1 files changed, 10 insertions, 38 deletions
diff --git a/REFERENCE.md b/REFERENCE.md index eef0dc5..821136b 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -267,34 +267,6 @@ ferm::chain{'check-ssh': } ``` -##### create a custom chain, e.g. for managing custom FORWARD chain rule for OpenVPN using custom ferm DSL. - -```puppet -$my_rules = @(EOT) -chain OPENVPN_FORWORD_RULES { - proto udp { - interface tun0 { - outerface enp4s0 { - mod conntrack ctstate (NEW) saddr @ipfilter((10.8.0.0/24)) ACCEPT; - } - } - } -} -| EOT - -ferm::chain{'OPENVPN_FORWORD_RULES': - chain => 'OPENVPN_FORWORD_RULES', - content => $my_rules, -} - -ferm::rule { "OpenVPN - FORWORD all udp traffic from network 10.8.0.0/24 to subchain OPENVPN_FORWORD_RULES": - chain => 'FORWARD', - action => 'OPENVPN_FORWORD_RULES', - saddr => '10.8.0.0/24', - proto => 'udp', -} -``` - #### Parameters The following parameters are available in the `ferm::chain` defined type. @@ -352,7 +324,7 @@ Default value: 'filter' ##### `ip_versions` -Data type: `Array[Enum['ip','ip6']]` +Data type: `Array[Enum['ip', 'ip6']]` Set list of versions of ip we want ot use. @@ -360,11 +332,11 @@ Default value: $ferm::ip_versions ##### `content` -Data type: `Optional[String]` +Data type: `Optional[String[1]]` -Can only be used for custom chains. It allows you to provide your own ferm rules for this chain. Sets the contents of this custom chain to provided value. -Default value: undef + +Default value: `undef` ### ferm::ipset @@ -454,7 +426,7 @@ ferm::rule{'incoming-ssh': chain => 'INPUT', action => 'SSH', proto => 'tcp', - dport => '22', + dport => 22, } ``` @@ -465,7 +437,7 @@ ferm::rule{'allow-ssh-localhost': chain => 'SSH', action => 'ACCEPT', proto => 'tcp', - dport => '22', + dport => 22, saddr => '127.0.0.1', } ``` 
@@ -538,17 +510,17 @@ Default value: `undef` ##### `dport` -Data type: `Optional[Variant[Stdlib::Port,String[1]]]` +Data type: `Optional[Variant[Stdlib::Port,Array[Stdlib::Port]]]` -The destination port, can be a range as string or a single port number as integer +The destination port, can be a single port number as integer or an Array of integers (which will then use the multiport matcher) Default value: `undef` ##### `sport` -Data type: `Optional[Variant[Stdlib::Port,String[1]]]` +Data type: `Optional[Variant[Stdlib::Port,Array[Stdlib::Port]]]` -The source port, can be a range as string or a single port number as integer +The source port, can be a single port number as integer or an Array of integers (which will then use the multiport matcher) Default value: `undef` |
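Review bot: `content` loses its worked example when the OpenVPN block in the @@ -267,34 +267,6 @@ hunk is deleted, although the parameter itself stays documented further down. If the block was dropped because of the misspelled chain name (`OPENVPN_FORWORD_RULES`) or the host-specific `tun0` and `enp4s0` interfaces, replace it with a corrected, shorter example instead of leaving the parameter without one.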
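Review bot: The context line under `ip_versions` in the @@ -352,7 +324,7 @@ hunk still reads "Set list of versions of ip we want ot use."; since this hunk already touches the entry, fix "ot" to "to" in the same change.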
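Review bot: The restriction "Can only be used for custom chains." disappears from the `content` description in the @@ -360,11 +332,11 @@ hunk; if it still applies, keep that sentence so readers do not try to set `content` on a built-in chain. The type also tightens from `Optional[String]` to `Optional[String[1]]`, so an empty string that was accepted before is now rejected, and that should be stated as a behaviour change rather than appearing only as a type edit.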
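Review bot: Strings are no longer accepted for `dport` and `sport` in the @@ -538,17 +510,17 @@ hunk, and the new description drops the "range as string" form without saying how a port range should be written from now on. Callers that still pass `dport => '22'`, the form the examples used until the two earlier hunks of this patch changed it to `22`, will no longer match `Optional[Variant[Stdlib::Port,Array[Stdlib::Port]]]`. Say in the parameter text that this is a breaking change, document the replacement for ranges, and keep the remark that an Array switches the rule to the multiport matcher.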