Puppet Class: ferm

Defined in:

manifests/init.pp

Overview

Class: ferm

This class manages ferm installation and rule generation on modern linux systems

class{'ferm': manage_service => true, }

Examples:

deploy ferm and start it

Parameters:

• manage_service (Boolean) —

  disable/enable the management of the ferm daemon Default value: false Allowed values: (true|false)

• manage_configfile (Boolean) —

  disable/enable the management of the ferm default config Default value: false Allowed values: (true|false)

• configfile (Stdlib::Absolutepath) —

  path to the config file Default value: /etc/ferm.conf Allowed values: Stdlib::Absolutepath

• disable_conntrack (Boolean) —

  disable/enable the generation of conntrack rules Default value: false Allowed values: (true|false)

• forward_policy (Ferm::Policies) —

  default policy for the FORWARD chain Default value: DROP Allowed values: (ACCEPT|DROP|REJECT)

• output_policy (Ferm::Policies) —

  default policy for the OUTPUT chain Default value: ACCEPT Allowed values: (ACCEPT|DROP|REJECT)

• input_policy (Ferm::Policies) —

  default policy for the INPUT chain Default value: DROP Allowed values: (ACCEPT|DROP|REJECT)

• rules (Hash) —

  a hash that holds all data for ferm::rule Default value: Empty Hash Allowed value: Any Hash

# File 'manifests/init.pp', line 34

class ferm (
  Boolean $manage_service,
  Boolean $manage_configfile,
  Stdlib::Absolutepath $configfile,
  Boolean $disable_conntrack,
  Ferm::Policies $forward_policy,
  Ferm::Policies $output_policy,
  Ferm::Policies $input_policy,
  Hash $rules,
) {
  contain ferm::install
  contain ferm::config
  contain ferm::service

  Class['ferm::install']
  -> Class['ferm::config']
  ~> Class['ferm::service']

  $rules.each |$rulename, $attributes| {
    ferm::rule{$rulename:
      * => $attributes,
    }
  }
  # import all exported resources with ferm rules for this node
  Ferm::Rule <<| tag == $trusted['certname'] |>>
}