From: Peter Palfrader
Date: Wed, 25 Sep 2019 11:41:15 +0000 (+0200)
Subject: Document ferm::rule::simple
X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=07fe65453e73da6bce698a83e2f4cc8143d3c583;p=mirror%2Fdsa-puppet.git
Document ferm::rule::simple
---
diff --git a/modules/ferm/manifests/rule/simple.pp b/modules/ferm/manifests/rule/simple.pp
index f3a058d21..8afe3087e 100644
--- a/modules/ferm/manifests/rule/simple.pp
+++ b/modules/ferm/manifests/rule/simple.pp
@@ -1,4 +1,38 @@
-# a plain, simple ferm rule
+# A simple ferm rule.
+#
+# This rule will send IPv4 and/or IPv6 traffic using either TCP and/or UDP
+# optionally going to a port, optionally from/to addresses/networks from
+# one table (INPUT by default) to some target (ACCEPT by default).
+#
+# Sample uses:
+#
+# ferm::rule::simple { '01-dsa-bind':
+# description => 'Allow nameserver access',
+# proto => ['udp', 'tcp'],
+# port => 'domain',
+# }
+#
+# or:
+#
+# ferm::rule::simple { 'dsa-smtp':
+# description => 'Allow smtp access from the world',
+# port => '25',
+# }
+#
+# or:
+#
+# @@ferm::rule::simple { "submission-from-${::fqdn}":
+# tag => 'smtp::server::submission::to::mail-relay',
+# chain => 'submission',
+# saddr => $base::public_addresses,
+# }
+# combined with:
+# ferm::rule::simple { 'submission-from-satellites':
+# target => 'submission',
+# port => 'submission',
+# }
+# Ferm::Rule::Simple <<| tag == 'smtp::server::submission::to::mail-relay' |>>
+#
 #
 # @param proto tcp or udp or both.
 # @param port one or more ports or port ranges.
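Review bot: The new summary paragraph says traffic is taken "from one table (INPUT by default)", but INPUT is a chain and the third sample sets it with `chain => 'submission'`, so the line should read `# one chain (INPUT by default) to some target (ACCEPT by default).` Because the documented default target is ACCEPT, the header would also benefit from one sentence on the no-source case, e.g. `# Without saddr the rule matches any source address.`; the 'dsa-smtp' sample suggests this, but the defined type's body is outside the hunk, so confirm it against the parameters first. For the exported-resource sample, a short comment that the `<<| tag == ... |>>` collector realizes every rule exported under that tag, so the resulting allowlist is only as trustworthy as the nodes able to export it, would help readers who copy the pattern.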