Diffstat (limited to 'REFERENCE.md')
-rw-r--r-- | REFERENCE.md | 252 |
1 files changed, 252 insertions, 0 deletions
diff --git a/REFERENCE.md b/REFERENCE.md new file mode 100644 index 0000000..9425b52 --- /dev/null +++ b/REFERENCE.md 
@@ -0,0 +1,252 @@ +# Reference +<!-- DO NOT EDIT: This document was generated by Puppet Strings --> + +## Table of Contents + +**Classes** + +_Public Classes_ + +* [`ferm`](#ferm): Class: ferm This class manages ferm installation and rule generation on modern linux systems class{'ferm': manage_service => true, } + +_Private Classes_ + +* `ferm::config`: This class handles the configuration file. Avoid modifying private classes. +* `ferm::install`: This class handles the configuration file. Avoid modifying private classes. +* `ferm::service`: This class handles the configuration file. Avoid modifying private classes. + +**Defined types** + +* [`ferm::chain`](#fermchain): defined resource which creates all rules for one chain +* [`ferm::rule`](#fermrule): defined resource which creates a single rule in a specific chain + +## Classes + +### ferm + +Class: ferm + +This class manages ferm installation and rule generation on modern linux systems + +class{'ferm': + manage_service => true, +} + +#### Examples + +##### deploy ferm and start it + +```puppet + +``` + +#### Parameters + +The following parameters are available in the `ferm` class. 
+ +##### `manage_service` + +Data type: `Boolean` + +Disable/Enable the management of the ferm daemon +Default value: false +Allowed values: (true|false) + +##### `manage_configfile` + +Data type: `Boolean` + +Disable/Enable the management of the ferm default config +Default value: false +Allowed values: (true|false) + +##### `configfile` + +Data type: `Stdlib::Absolutepath` + +Path to the config file +Default value: /etc/ferm.conf +Allowed values: Stdlib::Absolutepath + +##### `disable_conntrack` + +Data type: `Boolean` + +Disable/Enable the generation of conntrack rules +Default value: false +Allowed values: (true|false) + +##### `forward_policy` + +Data type: `Ferm::Policies` + +Default policy for the FORWARD chain +Default value: DROP +Allowed values: (ACCEPT|DROP|REJECT) + +##### `output_policy` + +Data type: `Ferm::Policies` + +Default policy for the OUTPUT chain +Default value: ACCEPT +Allowed values: (ACCEPT|DROP|REJECT) + +##### `input_policy` + +Data type: `Ferm::Policies` + +Default policy for the INPUT chain +Default value: DROP +Allowed values: (ACCEPT|DROP|REJECT) + +##### `rules` + +Data type: `Hash` + +A hash that holds all data for ferm::rule +Default value: Empty Hash +Allowed value: Any Hash + +##### `forward_log_dropped_packets` + +Data type: `Boolean` + +Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched +Default value: false +Allowed values: (true|false) + +##### `output_log_dropped_packets` + +Data type: `Boolean` + +Enable/Disable logging in the OUTPUT chain of packets to the kernel log, if no explicit chain matched +Default value: false +Allowed values: (true|false) + +##### `input_log_dropped_packets` + +Data type: `Boolean` + +Enable/Disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched +Default value: false +Allowed values: (true|false) + +## Defined types + +### ferm::chain + +defined resource which creates all rules for one chain + +#### 
Parameters + +The following parameters are available in the `ferm::chain` defined type. + +##### `policy` + +Data type: `Ferm::Policies` + +Set the default policy for a CHAIN + +##### `disable_conntrack` + +Data type: `Boolean` + +Disable/Enable usage of conntrack + +##### `chain` + +Data type: `Ferm::Chains` + +Name of the chain that should be managed + +Default value: $name + +##### `log_dropped_packets` + +Data type: `Boolean` + +Enable/Disable logging of packets to the kernel log, if no explicit chain matched + +### ferm::rule + +defined resource which creates a single rule in a specific chain + +#### Parameters + +The following parameters are available in the `ferm::rule` defined type. + +##### `chain` + +Data type: `Ferm::Chains` + +Configure the chain where we want to add the rule + +##### `policy` + +Data type: `Ferm::Policies` + +Configure what we want to do with the packet (drop, accept, log...) + +##### `proto` + +Data type: `Ferm::Protocols` + +Which protocol do we want to match, typically UDP or TCP + +##### `comment` + +Data type: `String` + +A comment that will be added to the ferm config and to ip{,6}tables + +Default value: $name + +##### `dport` + +Data type: `Optional[Variant[Integer,String]]` + +The destination port, can be a range as string or a single port number as integer + +Default value: `undef` + +##### `sport` + +Data type: `Optional[Variant[Integer,String]]` + +The source port, can be a range as string or a single port number as integer + +Default value: `undef` + +##### `saddr` + +Data type: `Optional[String]` + +The source address we want to match + +Default value: `undef` + +##### `daddr` + +Data type: `Optional[String]` + +The destination address we want to match + +Default value: `undef` + +##### `proto_options` + +Data type: `Optional[String[1]]` + +Optional parameters that will be passed to the protocol (for example to match specific ICMP types) + +Default value: `undef` + +##### `ensure` + +Data type: `Enum['absent','present']` 
+ +Set the rule to present or absent + +Default value: 'present' + |
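Review bot: the `deploy ferm and start it` example under `### ferm` renders as an empty ```puppet fence, while the example body `class{'ferm': manage_service => true, }` has ended up inside the class description itself; since the file is generated (`DO NOT EDIT: This document was generated by Puppet Strings`), the fix belongs in the `@example` tag of the class docstring in the manifest, followed by a regeneration of REFERENCE.md. Two smaller points in the same hunk: `ferm::install` and `ferm::service` both carry the copied text "This class handles the configuration file. Avoid modifying private classes." and should describe package installation and service management respectively; and in `ferm::rule` the parameters `saddr` and `daddr` (`Optional[String]`) and `proto_options` (`Optional[String[1]]`) are free-form strings that are written into the generated ferm configuration, so either tighten them (stdlib is already a dependency via `Stdlib::Absolutepath`, so `Stdlib::IP::Address` would fit the address parameters) or state in the parameter docs that callers must validate them. Finally, the three `*_log_dropped_packets` descriptions say "if no explicit chain matched" where "rule" is meant.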