Document ferm::rule::simple

diff --git a/modules/ferm/manifests/rule/simple.pp b/modules/ferm/manifests/rule/simple.pp
index f3a058d..8afe308 100644 (file)
--- a/modules/ferm/manifests/rule/simple.pp
+++ b/modules/ferm/manifests/rule/simple.pp
@@ -1,4 +1,38 @@
-# a plain, simple ferm rule
+# A simple ferm rule.
+#
+# This rule will send IPv4 and/or IPv6 traffic using either TCP and/or UDP
+# optionally going to a port, optionally from/to addresses/networks from
+# one table (INPUT by default) to some target (ACCEPT by default).
+#
+# Sample uses:
+#
+#     ferm::rule::simple { '01-dsa-bind':
+#       description => 'Allow nameserver access',
+#       proto       => ['udp', 'tcp'],
+#       port        => 'domain',
+#     }
+#
+#  or:
+#
+#     ferm::rule::simple { 'dsa-smtp':
+#       description => 'Allow smtp access from the world',
+#       port        => '25',
+#     }
+#
+#  or:
+#
+#     @@ferm::rule::simple { "submission-from-${::fqdn}":
+#      tag   => 'smtp::server::submission::to::mail-relay',
+#      chain => 'submission',
+#      saddr => $base::public_addresses,
+#    }
+#  combined with:
+#     ferm::rule::simple { 'submission-from-satellites':
+#       target => 'submission',
+#       port   => 'submission',
+#     }
+#     Ferm::Rule::Simple <<| tag == 'smtp::server::submission::to::mail-relay' |>>
+#
 #
 # @param proto  tcp or udp or both.
 # @param port   one or more ports or port ranges.