# Reference

## Table of Contents

**Classes**

_Public Classes_

* [`ferm`](#ferm): Class: ferm This class manages ferm installation and rule generation on modern Linux systems class{'ferm': manage_service => true, ip_v

_Private Classes_

* `ferm::config`: This class handles the configuration file. Avoid modifying private classes.
* `ferm::install`: This class handles the configuration file. Avoid modifying private classes.
* `ferm::service`: This class handles the configuration file. Avoid modifying private classes.

**Defined types**

* [`ferm::chain`](#fermchain): defined resource which creates all rules for one chain
* [`ferm::rule`](#fermrule): defined resource which creates a single rule in a specific chain

## Classes

### ferm

Class: ferm

This class manages ferm installation and rule generation on modern Linux systems.

#### Examples

##### deploy ferm and start it, on a node with only IPv6 enabled

```puppet
class{'ferm':
  manage_service => true,
  ip_versions    => ['ip6'],
}
```

#### Parameters

The following parameters are available in the `ferm` class.

##### `manage_service`

Data type: `Boolean`

Disable/Enable the management of the ferm daemon

Default value: false

Allowed values: (true|false)

##### `manage_configfile`

Data type: `Boolean`

Disable/Enable the management of the ferm default config

Default value: false

Allowed values: (true|false)

##### `manage_initfile`

Data type: `Boolean`

Disable/Enable the management of the ferm init script for RedHat-based OS

Default value: false

Allowed values: (true|false)

##### `configfile`

Data type: `Stdlib::Absolutepath`

Path to the config file

Default value: /etc/ferm.conf

Allowed values: Stdlib::Absolutepath

##### `disable_conntrack`

Data type: `Boolean`

Disable/Enable the generation of conntrack rules

Default value: false

Allowed values: (true|false)

##### `forward_policy`

Data type: `Ferm::Policies`

Default policy for the FORWARD chain

Default value: DROP

Allowed values: (ACCEPT|DROP|REJECT)

##### `output_policy`

Data type: `Ferm::Policies`

Default policy for the OUTPUT chain

Default value: ACCEPT

Allowed values: (ACCEPT|DROP|REJECT)

##### `input_policy`

Data type: `Ferm::Policies`

Default policy for the INPUT chain

Default value: DROP

Allowed values: (ACCEPT|DROP|REJECT)

##### `rules`

Data type: `Hash`

A hash that holds all data for ferm::rule

Default value: Empty Hash

Allowed value: Any Hash

##### `forward_log_dropped_packets`

Data type: `Boolean`

Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched

Default value: false

Allowed values: (true|false)

##### `output_log_dropped_packets`

Data type: `Boolean`

Enable/Disable logging in the OUTPUT chain of packets to the kernel log, if no explicit chain matched

Default value: false

Allowed values: (true|false)

##### `input_log_dropped_packets`

Data type: `Boolean`

Enable/Disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched

Default value: false

Allowed values: (true|false)

##### `ip_versions`

Data type: `Array[Enum['ip','ip6']]`

Set the list of IP versions we want to use.

Default value: ['ip', 'ip6']

## Defined types

### ferm::chain

defined resource which creates all rules for one chain

#### Parameters

The following parameters are available in the `ferm::chain` defined type.

##### `policy`

Data type: `Ferm::Policies`

Set the default policy for a CHAIN

##### `disable_conntrack`

Data type: `Boolean`

Disable/Enable usage of conntrack

##### `chain`

Data type: `Ferm::Chains`

Name of the chain that should be managed

Default value: $name

##### `log_dropped_packets`

Data type: `Boolean`

Enable/Disable logging of packets to the kernel log, if no explicit chain matched

### ferm::rule

defined resource which creates a single rule in a specific chain

#### Parameters

The following parameters are available in the `ferm::rule` defined type.

##### `chain`

Data type: `Ferm::Chains`

Configure the chain where we want to add the rule

##### `policy`

Data type: `Ferm::Policies`

Configure what we want to do with the packet (drop, accept, log...)

##### `proto`

Data type: `Ferm::Protocols`

Which protocol do we want to match, typically UDP or TCP

##### `comment`

Data type: `String`

A comment that will be added to the ferm config and to ip{,6}tables

Default value: $name

##### `dport`

Data type: `Optional[Variant[Stdlib::Port,String[1]]]`

The destination port, can be a range as string or a single port number as integer

Default value: `undef`

##### `sport`

Data type: `Optional[Variant[Stdlib::Port,String[1]]]`

The source port, can be a range as string or a single port number as integer

Default value: `undef`

##### `saddr`

Data type: `Optional[String[1]]`

The source address we want to match

Default value: `undef`

##### `daddr`

Data type: `Optional[String[1]]`

The destination address we want to match

Default value: `undef`

##### `proto_options`

Data type: `Optional[String[1]]`

Optional parameters that will be passed to the protocol (for example to match specific ICMP types)

Default value: `undef`

##### `ensure`

Data type: `Enum['absent','present']`

Set the rule to present or absent

Default value: 'present'
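A manifest that ties the `ferm` class parameters and the `ferm::rule` parameters above together, added here as an example and not taken from the module's own reference; the rule names, the management network and the choice of services are constructed assumptions.

```puppet
# Added example (not part of the puppet-ferm reference). Default-deny on
# INPUT and FORWARD, log whatever falls through to the default policy, and
# open only the services listed. The rules hash is expanded into ferm::rule
# resources by the class; stand-alone ferm::rule resources work the same way.
class { 'ferm':
  manage_service              => true,
  manage_configfile           => true,
  input_policy                => 'DROP',
  forward_policy              => 'DROP',
  output_policy               => 'ACCEPT',
  input_log_dropped_packets   => true,
  forward_log_dropped_packets => true,
  # The saddr below is IPv4 only, so restrict the domain list to 'ip';
  # an IPv4 source in the ip6 domain would not be a valid ip6tables match.
  ip_versions                 => ['ip'],
  rules                       => {
    'allow_ssh_from_mgmt' => {
      chain  => 'INPUT',
      policy => 'ACCEPT',
      proto  => 'tcp',
      dport  => 22,               # single port: integer
      saddr  => '192.0.2.0/24',   # assumed management network (TEST-NET-1)
    },
  },
}

# A port range is passed as a string, a single port as an integer.
ferm::rule { 'allow_passive_ftp_data':
  chain   => 'INPUT',
  policy  => 'ACCEPT',
  proto   => 'tcp',
  dport   => '49152:65534',
  comment => 'passive FTP data port range',
}

# proto_options carries protocol-specific matches, here one ICMP type.
ferm::rule { 'allow_icmp_echo_request':
  chain         => 'INPUT',
  policy        => 'ACCEPT',
  proto         => 'icmp',
  proto_options => 'icmp-type echo-request',
}

# Retire a rule an earlier manifest added; chain/policy/proto are still
# required because they have no defaults.
ferm::rule { 'allow_telnet':
  ensure => 'absent',
  chain  => 'INPUT',
  policy => 'ACCEPT',
  proto  => 'tcp',
  dport  => 23,
}
```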