Reference

Table of Contents

Classes

  • ipsets: Main class of this module; calls all other sub classes.
  • ipsets::config: Class used to configure ipsets; should not be called directly.
  • ipsets::install: Class to install everything; should not be called directly.
  • ipsets::params: Sets parameters for the main ipsets class. Should not be called directly.

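Defined types

  • ipsets::export_exclude: Generates entries in the export concat.
  • ipsets::ip_list: Add additional iplists to ipsets.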

Classes

ipsets

Main class of this module which calls all other sub classes. This class must always be called before calling any other class or type.

Examples

include ipsets

Parameters

The following parameters are available in the ipsets class.

export_enable

Data type: Boolean

When enabled a cron job will be created that exports the ipsets to the export path.

Default value: $ipsets::params::export_enable

manage_webserver

Data type: Boolean

Enabled by default. When enabled, this will run the apache module and create some vhosts.

Default value: $ipsets::params::manage_webserver

webroot

Data type: Stdlib::Unixpath

Absolute path to the directory where the HTML files will be stored, or where the export file will be placed.

Default value: $ipsets::params::webroot

servername

Data type: String

If the webserver is managed by this module, use this to set the servername. Default is fqdn.

Default value: $ipsets::params::servername

ssl_cert

Data type: Stdlib::Unixpath

Use this to specify the path of the ssl_cert. Defaults to /etc/ssl/certs/ssl-cert-snakeoil.pem.

Default value: $ipsets::params::ssl_cert

ssl_key

Data type: Stdlib::Unixpath

Use this to specify the path of the ssl_key. Defaults to /etc/ssl/private/ssl-cert-snakeoil.key.

Default value: $ipsets::params::ssl_key

ssl_enable

Data type: Boolean

If the webserver is managed by this module this setting can be used to either enable or disable SSL. By default this setting is set to true.

Default value: $ipsets::params::ssl_enable

firehol_downloadurl

Data type: String

Specify the download location of the firehol source.

Default value: $ipsets::params::firehol_downloadurl

iprange_downloadurl

Data type: String

Specify the download location of the iprange source.

Default value: $ipsets::params::iprange_downloadurl

user

Data type: String

Specify the user the application runs as. Defaults to ipsets. It is possible to run as root, but this is not recommended. The user will be created by this module.

Default value: $ipsets::params::user

user_home

Data type: String

Specify the home directory of the user. Ipsets will place files in the home directory.

Default value: $ipsets::params::user_home

group

Data type: String

Specify the primary group of the user. Will be created. Defaults to ipsets.

Default value: $ipsets::params::group

cron

Data type: String

Specify the cron string in the format '* * * * *'. Defaults to every 9 minutes.

Default value: $ipsets::params::cron
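
An added example, not taken from the module's own documentation: a resource-like declaration of the ipsets class that replaces the snakeoil certificate defaults and keeps the application on a dedicated non-root account. The server name, certificate paths, home directory and webroot are constructed placeholder values; only the parameter names come from this reference.

```puppet
# Added example (not part of the module's documentation).
# All values below are constructed placeholders.
class { 'ipsets':
  # Serve the generated pages over TLS with a site certificate instead of
  # the self-signed snakeoil defaults.
  manage_webserver => true,
  ssl_enable       => true,
  servername       => 'ipsets.example.org',
  ssl_cert         => '/etc/ssl/certs/ipsets.example.org.pem',
  ssl_key          => '/etc/ssl/private/ipsets.example.org.key',

  # Run under the dedicated account that the module creates, not root.
  user             => 'ipsets',
  group            => 'ipsets',
  user_home        => '/home/ipsets',

  # Export the ipsets via the cron job into the web root.
  export_enable    => true,
  webroot          => '/var/www/ipsets',
}

# Defined types are declared only after the main class.
ipsets::export_exclude { 'iblocklist_edu*':
  description => 'Education networks',
}
```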

ipsets::config

This class configures ipsets

ipsets::install

This class installs everything

ipsets::params

Set all the parameters for the ipsets class

Defined types

ipsets::export_exclude

Generates entries in the export concat

Examples

ipsets::export_exclude { 'iblocklist_edu*':
  description => 'Education networks',
}

Parameters

The following parameters are available in the ipsets::export_exclude defined type.

description

Data type: String

A description in the exclude file so it is clear why it is disabled.

ipsets::ip_list

Add additional iplists to ipsets.

Examples

ipsets::ip_list { 'dshield':
  mins           => 5,
  aggregation    => 0,
  keep           => 'both',
  url            => 'https://www.dshield.org/block.txt',
  processor      => 'trim',
  category       => 'attack',
  info           => 'Dshield blocklist',
  maintainer     => 'Internet Storm Shield',
  maintainer_url => 'https://www.dshield.org/',
}

Parameters

The following parameters are available in the ipsets::ip_list defined type.

mins

Data type: Variant[String, Integer]

The number of minutes after which the source is refreshed. Can also be math: mins => '"$[24*60]"'

aggregation

Data type: Variant[String, Integer]

Some sources do not keep a backlog. Specify whether ipsets has to do this. For example, to get a backlog for 7d and 30d: aggregation => '"$[24*60*7] $[24*60*30]"'

keep

Data type: Ipsets::Ip_list::Keep

Specify what to keep, either the IPs or only the networks.

url

Data type: Stdlib::Httpurl

The URL from which the ip_list is downloaded.

processor

Data type: String

Firehol has a list of processors. See https://github.com/firehol/blocklist-ipsets/wiki/Extending-update-ipsets

category

Data type: Ipsets::Ip_list::Category

Specify the category under which the ip_list should be displayed. See https://github.com/firehol/blocklist-ipsets/wiki/Extending-update-ipsets for the full list.

info

Data type: String

A brief description of the source.

maintainer

Data type: String

The maintainer of the source.

maintainer_url

Data type: Stdlib::Httpurl

The URL of the maintainer's website.