Diffstat (limited to 'manifests/init.pp')
-rw-r--r-- | manifests/init.pp | 59 |
1 files changed, 14 insertions, 45 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 2f5e1ef..d8fd06a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -26,70 +26,39 @@
 # }
 #
 # @param manage_service Disable/Enable the management of the ferm daemon
-# Default value: false
-# Allowed values: (true|false)
 # @param manage_configfile Disable/Enable the management of the ferm default config
-# Default value: false
-# Allowed values: (true|false)
 # @param manage_initfile Disable/Enable the management of the ferm init script for RedHat-based OS
-# Default value: false
-# Allowed values: (true|false)
 # @param configfile Path to the config file
-# Default value: /etc/ferm.conf
-# Allowed values: Stdlib::Absolutepath
 # @param configdirectory Path to the directory where the module stores ferm configuration files
-# Default value: /etc/ferm.d or /etc/ferm/ferm.d
-# Allowed values: Stdlib::Absolutepath
 # @param disable_conntrack Disable/Enable the generation of conntrack rules
-# Default value: false
-# Allowed values: (true|false)
 # @param forward_policy Default policy for the FORWARD chain
-# Default value: DROP
-# Allowed values: (ACCEPT|DROP)
 # @param output_policy Default policy for the OUTPUT chain
-# Default value: ACCEPT
-# Allowed values: (ACCEPT|DROP)
 # @param input_policy Default policy for the INPUT chain
-# Default value: DROP
-# Allowed values: (ACCEPT|DROP)
 # @param rules A hash that holds all data for ferm::rule
-# Default value: Empty Hash
-# Allowed value: Any Hash
 # @param chains A hash that holds all data for ferm::chain
-# Default value: Empty Hash
-# Allowed value: Any Hash
 # @param forward_log_dropped_packets Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched
-# Default value: false
-# Allowed values: (true|false)
 # @param output_log_dropped_packets Enable/Disable logging in the OUTPUT chain of packets to the kernel log, if no explicit chain matched
-# Default value: false
-# Allowed values: (true|false)
 # @param input_log_dropped_packets Enable/Disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched
-# Default value: false
-# Allowed values: (true|false)
 # @param ip_versions Set list of versions of ip we want ot use.
-# Default value: ['ip', 'ip6']
 # @param preserve_chains_in_tables Hash with table:chains[] to use ferm @preserve for
-# Default value: Empty Hash
-# Allowed values: Hash with a list of tables and chains in it to preserve
 # Example: {'nat' => ['PREROUTING', 'POSTROUTING']}
 class ferm (
- Boolean $manage_service,
- Boolean $manage_configfile,
- Boolean $manage_initfile,
 Stdlib::Absolutepath $configfile,
 Stdlib::Absolutepath $configdirectory,
- Boolean $disable_conntrack,
- Ferm::Policies $forward_policy,
- Ferm::Policies $output_policy,
- Ferm::Policies $input_policy,
- Boolean $forward_log_dropped_packets,
- Boolean $output_log_dropped_packets,
- Boolean $input_log_dropped_packets,
- Hash $rules,
- Hash $chains,
- Array[Enum['ip','ip6']] $ip_versions,
- Hash[String[1],Array[String[1]]] $preserve_chains_in_tables,
+ Boolean $manage_service = false,
+ Boolean $manage_configfile = false,
+ Boolean $manage_initfile = false,
+ Boolean $disable_conntrack = false,
+ Ferm::Policies $forward_policy = 'DROP',
+ Ferm::Policies $output_policy = 'ACCEPT',
+ Ferm::Policies $input_policy = 'DROP',
+ Boolean $forward_log_dropped_packets = false,
+ Boolean $output_log_dropped_packets = false,
+ Boolean $input_log_dropped_packets = false,
+ Hash $rules = {},
+ Hash $chains = {},
+ Array[Enum['ip','ip6']] $ip_versions = ['ip','ip6'],
+ Hash[String[1],Array[String[1]]] $preserve_chains_in_tables = {},
 ) {
 contain ferm::install
 contain ferm::config
|
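Review bot: `$configfile` and `$configdirectory` are the only parameters left without a default in the signature, yet their `# Default value:` lines (`/etc/ferm.conf`, `/etc/ferm.d or /etc/ferm/ferm.d`) are removed along with the others, so nothing on the class says where those values come from any more. I would keep one line for each, for example `# @param configfile Path to the config file (default /etc/ferm.conf, supplied by module data)`, assuming the values are still provided from Hiera. Because `$manage_configfile` and `$manage_service` now visibly default to `false`, the `'DROP'` defaults on `$input_policy` and `$forward_policy` presumably have no effect until management is switched on; saying so in the `@param manage_configfile` text keeps readers from taking the signature as default-deny out of the box. `Hash $rules` and `Hash $chains` also lose their only description of accepted values, and a tighter type such as `Hash[String[1], Hash]` would document the shape if all titles are strings. The class body continues past the end of the hunk.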