aboutsummaryrefslogtreecommitdiff
path: root/manifests/init.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp59
1 files changed, 14 insertions, 45 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 2f5e1ef..d8fd06a 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -26,70 +26,39 @@
# }
#
# @param manage_service Disable/Enable the management of the ferm daemon
-# Default value: false
-# Allowed values: (true|false)
# @param manage_configfile Disable/Enable the management of the ferm default config
-# Default value: false
-# Allowed values: (true|false)
# @param manage_initfile Disable/Enable the management of the ferm init script for RedHat-based OS
-# Default value: false
-# Allowed values: (true|false)
# @param configfile Path to the config file
-# Default value: /etc/ferm.conf
-# Allowed values: Stdlib::Absolutepath
# @param configdirectory Path to the directory where the module stores ferm configuration files
-# Default value: /etc/ferm.d or /etc/ferm/ferm.d
-# Allowed values: Stdlib::Absolutepath
# @param disable_conntrack Disable/Enable the generation of conntrack rules
-# Default value: false
-# Allowed values: (true|false)
# @param forward_policy Default policy for the FORWARD chain
-# Default value: DROP
-# Allowed values: (ACCEPT|DROP)
# @param output_policy Default policy for the OUTPUT chain
-# Default value: ACCEPT
-# Allowed values: (ACCEPT|DROP)
# @param input_policy Default policy for the INPUT chain
-# Default value: DROP
-# Allowed values: (ACCEPT|DROP)
# @param rules A hash that holds all data for ferm::rule
-# Default value: Empty Hash
-# Allowed value: Any Hash
# @param chains A hash that holds all data for ferm::chain
-# Default value: Empty Hash
-# Allowed value: Any Hash
# @param forward_log_dropped_packets Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched
-# Default value: false
-# Allowed values: (true|false)
# @param output_log_dropped_packets Enable/Disable logging in the OUTPUT chain of packets to the kernel log, if no explicit chain matched
-# Default value: false
-# Allowed values: (true|false)
# @param input_log_dropped_packets Enable/Disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched
-# Default value: false
-# Allowed values: (true|false)
# @param ip_versions Set list of versions of ip we want ot use.
-# Default value: ['ip', 'ip6']
# @param preserve_chains_in_tables Hash with table:chains[] to use ferm @preserve for
-# Default value: Empty Hash
-# Allowed values: Hash with a list of tables and chains in it to preserve
# Example: {'nat' => ['PREROUTING', 'POSTROUTING']}
class ferm (
- Boolean $manage_service,
- Boolean $manage_configfile,
- Boolean $manage_initfile,
Stdlib::Absolutepath $configfile,
Stdlib::Absolutepath $configdirectory,
- Boolean $disable_conntrack,
- Ferm::Policies $forward_policy,
- Ferm::Policies $output_policy,
- Ferm::Policies $input_policy,
- Boolean $forward_log_dropped_packets,
- Boolean $output_log_dropped_packets,
- Boolean $input_log_dropped_packets,
- Hash $rules,
- Hash $chains,
- Array[Enum['ip','ip6']] $ip_versions,
- Hash[String[1],Array[String[1]]] $preserve_chains_in_tables,
+ Boolean $manage_service = false,
+ Boolean $manage_configfile = false,
+ Boolean $manage_initfile = false,
+ Boolean $disable_conntrack = false,
+ Ferm::Policies $forward_policy = 'DROP',
+ Ferm::Policies $output_policy = 'ACCEPT',
+ Ferm::Policies $input_policy = 'DROP',
+ Boolean $forward_log_dropped_packets = false,
+ Boolean $output_log_dropped_packets = false,
+ Boolean $input_log_dropped_packets = false,
+ Hash $rules = {},
+ Hash $chains = {},
+ Array[Enum['ip','ip6']] $ip_versions = ['ip','ip6'],
+ Hash[String[1],Array[String[1]]] $preserve_chains_in_tables = {},
) {
contain ferm::install
contain ferm::config