--- /dev/null
+# Reference
+<!-- DO NOT EDIT: This document was generated by Puppet Strings -->
+
+## Table of Contents
+
+**Classes**
+
+_Public Classes_
+
+* [`ferm`](#ferm): Class: ferm This class manages ferm installation and rule generation on modern linux systems class{'ferm': manage_service => true, }
+
+_Private Classes_
+
+* `ferm::config`: This class handles the configuration file. Avoid modifying private classes.
+* `ferm::install`: This class handles the configuration file. Avoid modifying private classes.
+* `ferm::service`: This class handles the configuration file. Avoid modifying private classes.
+
+**Defined types**
+
+* [`ferm::chain`](#fermchain): defined resource which creates all rules for one chain
+* [`ferm::rule`](#fermrule): defined resource which creates a single rule in a specific chain
+
+## Classes
+
+### ferm
+
+Class: ferm
+
+This class manages ferm installation and rule generation on modern linux systems
+
+class{'ferm':
+ manage_service => true,
+}
+
+#### Examples
+
+##### deploy ferm and start it
+
+```puppet
+
+```
+
+#### Parameters
+
+The following parameters are available in the `ferm` class.
+
+##### `manage_service`
+
+Data type: `Boolean`
+
+Disable/Enable the management of the ferm daemon
+Default value: false
+Allowed values: (true|false)
+
+##### `manage_configfile`
+
+Data type: `Boolean`
+
+Disable/Enable the management of the ferm default config
+Default value: false
+Allowed values: (true|false)
+
+##### `configfile`
+
+Data type: `Stdlib::Absolutepath`
+
+Path to the config file
+Default value: /etc/ferm.conf
+Allowed values: Stdlib::Absolutepath
+
+##### `disable_conntrack`
+
+Data type: `Boolean`
+
+Disable/Enable the generation of conntrack rules
+Default value: false
+Allowed values: (true|false)
+
+##### `forward_policy`
+
+Data type: `Ferm::Policies`
+
+Default policy for the FORWARD chain
+Default value: DROP
+Allowed values: (ACCEPT|DROP|REJECT)
+
+##### `output_policy`
+
+Data type: `Ferm::Policies`
+
+Default policy for the OUTPUT chain
+Default value: ACCEPT
+Allowed values: (ACCEPT|DROP|REJECT)
+
+##### `input_policy`
+
+Data type: `Ferm::Policies`
+
+Default policy for the INPUT chain
+Default value: DROP
+Allowed values: (ACCEPT|DROP|REJECT)
+
+##### `rules`
+
+Data type: `Hash`
+
+A hash that holds all data for ferm::rule
+Default value: Empty Hash
+Allowed value: Any Hash
+
+##### `forward_log_dropped_packets`
+
+Data type: `Boolean`
+
+Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched
+Default value: false
+Allowed values: (true|false)
+
+##### `output_log_dropped_packets`
+
+Data type: `Boolean`
+
+Enable/Disable logging in the OUTPUT chain of packets to the kernel log, if no explicit chain matched
+Default value: false
+Allowed values: (true|false)
+
+##### `input_log_dropped_packets`
+
+Data type: `Boolean`
+
+Enable/Disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched
+Default value: false
+Allowed values: (true|false)
+
+## Defined types
+
+### ferm::chain
+
+defined resource which creates all rules for one chain
+
+#### Parameters
+
+The following parameters are available in the `ferm::chain` defined type.
+
+##### `policy`
+
+Data type: `Ferm::Policies`
+
+Set the default policy for a CHAIN
+
+##### `disable_conntrack`
+
+Data type: `Boolean`
+
+Disable/Enable usage of conntrack
+
+##### `chain`
+
+Data type: `Ferm::Chains`
+
+Name of the chain that should be managed
+
+Default value: $name
+
+##### `log_dropped_packets`
+
+Data type: `Boolean`
+
+Enable/Disable logging of packets to the kernel log, if no explicit chain matched
+
+### ferm::rule
+
+defined resource which creates a single rule in a specific chain
+
+#### Parameters
+
+The following parameters are available in the `ferm::rule` defined type.
+
+##### `chain`
+
+Data type: `Ferm::Chains`
+
+Configure the chain where we want to add the rule
+
+##### `policy`
+
+Data type: `Ferm::Policies`
+
+Configure what we want to do with the packet (drop, accept, log...)
+
+##### `proto`
+
+Data type: `Ferm::Protocols`
+
+Which protocol do we want to match, typically UDP or TCP
+
+##### `comment`
+
+Data type: `String`
+
+A comment that will be added to the ferm config and to ip{,6}tables
+
+Default value: $name
+
+##### `dport`
+
+Data type: `Optional[Variant[Integer,String]]`
+
+The destination port, can be a range as string or a single port number as integer
+
+Default value: `undef`
+
+##### `sport`
+
+Data type: `Optional[Variant[Integer,String]]`
+
+The source port, can be a range as string or a single port number as integer
+
+Default value: `undef`
+
+##### `saddr`
+
+Data type: `Optional[String]`
+
+The source address we want to match
+
+Default value: `undef`
+
+##### `daddr`
+
+Data type: `Optional[String]`
+
+The destination address we want to match
+
+Default value: `undef`
+
+##### `proto_options`
+
+Data type: `Optional[String[1]]`
+
+Optional parameters that will be passed to the protocol (for example to match specific ICMP types)
+
+Default value: `undef`
+
+##### `ensure`
+
+Data type: `Enum['absent','present']`
+
+Set the rule to present or absent
+
+Default value: 'present'
+
# defined resource which creates all rules for one chain
-# @param policy [Ferm::Policies] Set the default policy for a CHAIN
-# @param disable_conntrack [Boolean] disable/enable usage of conntrack
-# @param chain [Ferm::Chains] name of the chain that should be managed
-# @param log_dropped_packets [Boolean] boolean to enable/disable logging of packets to the kernel log, if no explicit chain matched
+# @param policy Set the default policy for a CHAIN
+# @param disable_conntrack Disable/Enable usage of conntrack
+# @param chain Name of the chain that should be managed
+# @param log_dropped_packets Enable/Disable logging of packets to the kernel log, if no explicit chain matched
define ferm::chain (
Ferm::Policies $policy,
Boolean $disable_conntrack,
# manage_service => true,
# }
#
-# @param manage_service [Boolean] disable/enable the management of the ferm daemon
+# @param manage_service Disable/Enable the management of the ferm daemon
# Default value: false
# Allowed values: (true|false)
-# @param manage_configfile [Boolean] disable/enable the management of the ferm default config
+# @param manage_configfile Disable/Enable the management of the ferm default config
# Default value: false
# Allowed values: (true|false)
-# @param configfile [Stdlib::Absolutepath] path to the config file
+# @param configfile Path to the config file
# Default value: /etc/ferm.conf
# Allowed values: Stdlib::Absolutepath
-# @param disable_conntrack [Boolean] disable/enable the generation of conntrack rules
+# @param disable_conntrack Disable/Enable the generation of conntrack rules
# Default value: false
# Allowed values: (true|false)
-# @param forward_policy [Ferm::Policies] default policy for the FORWARD chain
+# @param forward_policy Default policy for the FORWARD chain
# Default value: DROP
# Allowed values: (ACCEPT|DROP|REJECT)
-# @param output_policy [Ferm::Policies] default policy for the OUTPUT chain
+# @param output_policy Default policy for the OUTPUT chain
# Default value: ACCEPT
# Allowed values: (ACCEPT|DROP|REJECT)
-# @param input_policy [Ferm::Policies] default policy for the INPUT chain
+# @param input_policy Default policy for the INPUT chain
# Default value: DROP
# Allowed values: (ACCEPT|DROP|REJECT)
-# @param rules a hash that holds all data for ferm::rule
+# @param rules A hash that holds all data for ferm::rule
# Default value: Empty Hash
# Allowed value: Any Hash
-# @param forward_log_dropped_packets boolean to enable/disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched
+# @param forward_log_dropped_packets Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched
# Default value: false
# Allowed values: (true|false)
-# @param output_log_dropped_packets boolean to enable/disable logging in the OUTPUT chain of packets to the kernel log, if no explicit chain matched
+# @param output_log_dropped_packets Enable/Disable logging in the OUTPUT chain of packets to the kernel log, if no explicit chain matched
# Default value: false
# Allowed values: (true|false)
-# @param input_log_dropped_packets boolean to enable/disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched
+# @param input_log_dropped_packets Enable/Disable logging in the INPUT chain of packets to the kernel log, if no explicit chain matched
# Default value: false
# Allowed values: (true|false)
class ferm (
# defined resource which creates a single rule in a specific chain
-# @param chain [Ferm::Chains] configure the chain where we want to add the rule
-# @param policy [Ferm::Policies] configure what we want to do with the packet (drop, accept, log...)
-# @param proto [Ferm::Protocols] which protocol do we want to match, typically UDP or TCP
-# @param comment a comment that will be added to the ferm config and to ip{,6}tables
-# @param dport the destination port, can be a range as string or a single port number as integer
-# @param sport the source port, can be a range as string or a single port number as integer
-# @param saddr the source address we want to match
-# @param daddr the destination address we want to match
-# @param proto_options optional parameters that will be passed to the protocol (for example to match specific ICMP types)
-# @param ensure set the rule to present or absent
+# @param chain Configure the chain where we want to add the rule
+# @param policy Configure what we want to do with the packet (drop, accept, log...)
+# @param proto Which protocol do we want to match, typically UDP or TCP
+# @param comment A comment that will be added to the ferm config and to ip{,6}tables
+# @param dport The destination port, can be a range as string or a single port number as integer
+# @param sport The source port, can be a range as string or a single port number as integer
+# @param saddr The source address we want to match
+# @param daddr The destination address we want to match
+# @param proto_options Optional parameters that will be passed to the protocol (for example to match specific ICMP types)
+# @param ensure Set the rule to present or absent
define ferm::rule (
Ferm::Chains $chain,
Ferm::Policies $policy,
projects / puppet-ferm.git / commitdiff