Puppet Class: cis_security_hardening::rules::nftables_service

Defined in:
manifests/rules/nftables_service.pp

Summary

Ensure nftables service is enabled

Overview

The nftables service loads the nftables rulesets at boot or whenever the nftables service is started.

Rationale: The nftables service restores the nftables rules from the rules files referenced in the /etc/sysconfig/nftables.conf file during boot or when the nftables service is started.

Examples:

class { 'cis_security_hardening::rules::nftables_service':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



# File 'manifests/rules/nftables_service.pp', line 19

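class cis_security_hardening::rules::nftables_service (
  Boolean $enforce = false,
) {
  # Nothing is managed unless enforcement is switched on.
  if $enforce {
    # Skip the declaration if another class already manages Service['nftables'].
    if(!defined(Service['nftables'])) {
      ensure_resource('service', ['nftables'], {
          ensure  => running,
          enable  => true,
          # Package['nftables'] must be declared elsewhere in the catalog.
          require => Package['nftables'],
      })
    }
  }
}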
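
To verify on a node the state this class enforces, the following audit script is an added example, not part of the module. It checks that the unit is enabled and running and that every rules file referenced from /etc/sysconfig/nftables.conf (the path named in the rationale) exists. The function names and the `SYSTEMCTL` override are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the module): audit the state enforced by
# cis_security_hardening::rules::nftables_service.
# Assumption: SYSTEMCTL may be overridden so the check can be tested offline.
SYSTEMCTL=${SYSTEMCTL:-systemctl}

# Succeeds only if the unit is enabled at boot and currently active,
# matching `enable => true` and `ensure => running` in the class.
nftables_service_ok() {
  "$SYSTEMCTL" is-enabled --quiet nftables && "$SYSTEMCTL" is-active --quiet nftables
}

# Print each absolute path named by an uncommented `include "..."` line that
# does not exist. Wildcard includes are skipped (nft accepts a wildcard with
# no matches); relative paths are skipped because they depend on nft's
# include search path.
# Returns 0 if nothing is missing, 1 if something is, 2 if unreadable.
missing_includes() {
  conf=$1
  [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
  missing=$(
    sed -n -e 's/#.*//' \
        -e 's/^[[:space:]]*include[[:space:]]*"\([^"]*\)".*/\1/p' "$conf" |
    while IFS= read -r path; do
      case $path in
        *\**|*\?*|*\[*) continue ;;                    # wildcard include
        /*) [ -e "$path" ] || printf '%s\n' "$path" ;;  # absolute path
      esac
    done
  )
  [ -z "$missing" ] && return 0
  printf '%s\n' "$missing"
  return 1
}

# Combined audit: service state plus the rules files the service would load.
audit_nftables() {
  conf=${1:-/etc/sysconfig/nftables.conf}
  rc=0
  nftables_service_ok || { echo "FAIL: nftables is not enabled and running"; rc=1; }
  files=$(missing_includes "$conf") || { echo "FAIL: include problem in $conf: $files"; rc=1; }
  [ "$rc" -eq 0 ] && echo "PASS"
  return "$rc"
}
```

Run `audit_nftables` with no argument to check the default configuration path; a non-zero exit status means the service state or a referenced rules file needs attention.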