diff options
Diffstat (limited to 'docs/file.README.html')
| -rw-r--r-- | docs/file.README.html | 254 |
1 files changed, 0 insertions, 254 deletions
diff --git a/docs/file.README.html b/docs/file.README.html deleted file mode 100644 index c0623b2..0000000 --- a/docs/file.README.html +++ /dev/null @@ -1,254 +0,0 @@ -<!DOCTYPE html> -<html> - <head> - <meta charset="UTF-8"> -<meta name="viewport" content="width=device-width, initial-scale=1.0"> -<title> - File: README - - — Documentation by YARD 0.9.12 - -</title> - - <link rel="stylesheet" href="css/style.css" type="text/css" charset="utf-8" /> - - <link rel="stylesheet" href="css/common.css" type="text/css" charset="utf-8" /> - -<script type="text/javascript" charset="utf-8"> - pathId = ""; - relpath = ''; -</script> - - - <script type="text/javascript" charset="utf-8" src="js/jquery.js"></script> - - <script type="text/javascript" charset="utf-8" src="js/app.js"></script> - - - </head> - <body> - <div class="nav_wrap"> - <iframe id="nav" src="file_list.html?1"></iframe> - <div id="resizer"></div> - </div> - - <div id="main" tabindex="-1"> - <div id="header"> - <div id="menu"> - - <a href="_index.html">Index</a> » - <span class="title">File: README</span> - -</div> - - <div id="search"> - - <a class="full_list_link" id="puppet_class_list_link" - href="puppet_class_list.html"> - - <svg width="24" height="24"> - <rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect> - <rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect> - <rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect> - </svg> - </a> - -</div> - <div class="clear"></div> - </div> - - <div id="content"><div id='filecontents'><h1>puppet-ferm</h1> - -<p><a href="https://travis-ci.org/voxpupuli/puppet-ferm"><img src="https://travis-ci.org/voxpupuli/puppet-ferm.svg?branch=master" alt="Build Status"></a> -<a href="https://forge.puppetlabs.com/puppet/ferm"><img src="https://img.shields.io/puppetforge/v/puppet/ferm.svg" alt="Puppet Forge"></a> -<a href="https://forge.puppetlabs.com/puppet/ferm"><img src="https://img.shields.io/puppetforge/dt/puppet/ferm.svg" alt="Puppet Forge - downloads"></a> -<a href="https://forge.puppetlabs.com/puppet/ferm"><img src="https://img.shields.io/puppetforge/e/puppet/ferm.svg" alt="Puppet Forge - endorsement"></a> -<a href="https://forge.puppetlabs.com/puppet/ferm"><img src="https://img.shields.io/puppetforge/f/puppet/ferm.svg" alt="Puppet Forge - scores"></a> -<a href="https://voxpupuli.org/puppet-ferm"><img src="https://img.shields.io/badge/yard-docs-blue.svg" alt="Yard Docs"></a> -<a href="LICENSE"><img src="https://img.shields.io/github/license/voxpupuli/puppet-ferm.svg" alt="AGPL v3 License"></a></p> - -<h2>Table of Contents</h2> - -<ul> -<li><a href="#overview">Overview</a></li> -<li><a href="#what-happenend-to-older-releases">What happened to older releases?</a></li> -<li><a href="#setup">Setup</a></li> -<li><a href="#support">Support</a></li> -<li><a href="#reference">Reference</a></li> -<li><a href="#development">Development</a></li> -<li><a href="#authors">Authors</a></li> -</ul> - -<hr> - -<h2>Overview</h2> - -<p>This module manages the <a href="http://ferm.foo-projects.org/">ferm</a> firewalling -software. It allows you to configure the actual software, but also all related -rules.</p> - -<h2>What happened to older releases?</h2> - -<p>You maybe wonder what happend to release 1.1.0 and 1.0.0. We had to take them -down because they contained sensitive information.</p> - -<h2>Setup</h2> - -<p>This is very easy:</p> - -<pre class="code puppet"><code class="puppet">include ferm -</code></pre> - -<p>This will install the package, but nothing more. It won't explicitly enable it -or write any rules. Be careful here: The default Debian package enabled -autostart for the service and only allows incoming SSH/IPSec connections.</p> - -<p>You can easily define rules in Puppet (they don't need to be exported resources):</p> - -<pre class="code puppet"><code class="puppet"> @@ferm::rule{"allow_kafka_server2server-${trusted['certname']}": - chain => 'INPUT', - policy => 'ACCEPT', - proto => 'tcp', - dport => '(9092 9093)', - saddr => "(${facts['networking']['ip6']}/128 ${facts['networking']['ip']}/32)", - tag => 'allow_kafka_server2server', - } -</code></pre> - -<p>You can collect them like this:</p> - -<pre class="code puppet"><code class="puppet"># collect all exported resources with the tag allow_vault_server2server -Ferm::Rule <<| tag == 'allow_kafka_server2server' |>> -</code></pre> - -<p>You can also define rules in hiera:</p> - -<pre class="code yaml"><code class="yaml">--- -ferm::rules: - 'allow_http_https': - chain: 'INPUT' - policy: 'ACCEPT' - proto: 'tcp' - dport: '(80 443)' - saddr: "%{hiera('some_other_hiera_key')}" -</code></pre> - -<p>ferm::rules is a hash. configured for deep merge. Hiera will collect all -defined hashes and hand them over to the class. The main class will create -rules for all of them. It also collects all exported resources that are tagged -with the FQDN of a box.</p> - -<h2>Reference</h2> - -<h3>Main class</h3> - -<p>The main class has the following parameters:</p> - -<h4><code>manage_service</code></h4> - -<p>[Boolean] disable/enable the management of the ferm daemon</p> - -<h4><code>manage_configfile</code></h4> - -<p>[Boolean] disable/enable the management of the ferm default config</p> - -<h4><code>configfile</code></h4> - -<p>[Stdlib::Absolutepath] path to the config file</p> - -<h4><code>forward_policy</code></h4> - -<p>[Ferm::Policies] default policy for the FORWARD chain</p> - -<h4><code>output_policy</code></h4> - -<p>[Ferm::Policies] default policy for the OUTPUT chain</p> - -<h4><code>input_policy</code></h4> - -<p>[Ferm::Policies] default policy for the INPUT chain</p> - -<h4><code>rules</code></h4> - -<p>A hash that holds all data for ferm::rule</p> - -<h3>rule defined resource</h3> - -<p>This creates an entry in the correct chain file for ferm.</p> - -<h4><code>chain</code></h4> - -<p>The chain where we place this rule</p> - -<h4><code>policy</code></h4> - -<p>The desired policy. Allowed values are Enum['ACCEPT','DROP', 'REJECT']</p> - -<h4><code>protocol</code></h4> - -<p>the protocol we would like to filter. Allowed values are Enum['icmp', 'tcp', 'udp']</p> - -<h4><code>comment</code></h4> - -<p>A comment that will be written into the file and into ip(6)tables</p> - -<h4><code>dport</code></h4> - -<p>The destination port we want to filter for. Can be any string from /etc/services or an integer</p> - -<h4><code>sport</code></h4> - -<p>Like the destination port above, just for the source port</p> - -<h4><code>saddr</code></h4> - -<p>Source IPv4/IPv6 address. Can be one or many of them. Multiple addresses are -always encapsulated in braces: -'(127.0.0.1 2003::)'</p> - -<p>IPv4 and IPv6 addresses can be mixed. CIDR notation is possible if you want to -block networks, otherwise /32 or /128 is assumed by ferm/ip(6)tables</p> - -<h4><code>daddr</code></h4> - -<p>Same as above, just for the destination IP address</p> - -<h4><code>ensure</code></h4> - -<p>Add or remove it from the ruleset</p> - -<h3>chain defined resource</h3> - -<p>The module defines the three default chains for you, INPUT, FORWARD and OUTPUT. -You're able to define own chains if you want to</p> - -<h4><code>policy</code></h4> - -<p>The desired default policy for the chain</p> - -<h4><code>chain</code></h4> - -<p>The name of the chain</p> - -<h2>Development</h2> - -<p>This project contains tests for <a href="http://rspec-puppet.com/">rspec-puppet</a>.</p> - -<p>Quickstart to run all linter and unit tests:</p> - -<pre class="code bash"><code class="bash">bundle install --path .vendor/ --without system_tests --without development --without release -bundle exec rake test -</code></pre> - -<h2>Authors</h2> - -<p>puppet-ferm is maintained by <a href="https://voxpupuli.org">Vox Pupuli</a>, it was written by <a href="https://github.com/bastelfreak">Tim 'bastelfreak' Meusel</a>.</p> -</div></div> - - <div id="footer"> - Generated by <a href="http://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>. -</div> - - </div> - </body> -</html>
\ No newline at end of file |