Merge pull request voxpupuli#43 from cernops/doc_typos
Fix typos and formatting in the README
traylenator authored Dec 9, 2020

2 parents c4b1b93 + 1330c27 commit 139ec11
Showing 1 changed file with 6 additions and 5 deletions.
11 changes: 6 additions & 5 deletions README.md
@@ -1,16 +1,16 @@
# nftables puppet module

This module manages an opinionated nftables configuration
This module manages an opinionated nftables configuration.

By default it sets up a firewall that drops every incoming
and outgoing connection.

It only allows outgoing dns, ntp and web and ingoing ssh
traffic.
traffic, although this can be overridden using parameters.

The config file has a inet filter and a ip nat table setup.

Additionally, the module comes with a basic infrastrcuture
Additionally, the module comes with a basic infrastructure
to hook into different places.

## nftables config
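Review bot: the changed line "traffic, although this can be overridden using parameters." leaves "ingoing ssh traffic" in the preceding line; since this PR is a typo pass, "incoming" is the usual term and worth fixing here too. The same applies to the unchanged context line "The config file has a inet filter and a ip nat table setup." ("an inet filter", "an ip nat table"). The new clause would also be more useful if it named the parameters, or pointed at the section, that control the default allow rules, so a reader knows where to look rather than assuming the dns/ntp/web/ssh defaults are fixed.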
@@ -37,12 +37,13 @@ configured to which you can easily add your custom rules.
For specific needs you can add your own chain.

There is a global chain, that defines the default behavior
for all masterchains.
for all masterchains. This chain is empty by default.

INPUT and OUTPUT to the loopback device is allowed by
default, though you could restrict it later.

### Rules Validation

Initially puppet deploys all configuration to
`/etc/nftables/puppet-preflight/` and
`/etc/nftables/puppet-preflight.nft`. This is validated with
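Review bot: the added sentence "This chain is empty by default." immediately follows "defines the default behavior for all masterchains", and the two read as contradictory: an empty chain defines no behavior. Consider rewording to say that the global chain is consulted by every master chain and is left empty so users can add rules that should apply to all of them. Minor grammar in the unchanged context: "INPUT and OUTPUT to the loopback device is allowed" should be "are allowed".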
@@ -80,7 +81,7 @@ The rule will be a `concat::fragment` to the chain

You can define the order by using the `order` param.

## nftsables::set
## nftables::set

Adds a named set to a given table. It allows composing the
set using individual parameters but also takes raw input
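Review bot: renaming the heading from "## nftsables::set" to "## nftables::set" changes the rendered anchor for that section, so any in-README links or table-of-contents entries that point at the old slug will break; search the README for "nftsables" to confirm nothing else still references it before merging.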
