Resource Type: ip6tables_optimize
- Defined in: lib/puppet/type/ip6tables_optimize.rb
- Providers: optimize
Overview
A name variable, doesn’t really do anything
Properties
- optimize (defaults to: true)
  Whether or not to optimize
  Supported values:
  - true
  - false
Parameters
- disable (defaults to: false)
  This is a way to authoritatively disable the application of the iptables module.
  Supported values:
  - true
  - false
- ignore
  Ignore all running iptables rules matching one or more provided Ruby regexes. The regexes are compared against the jump and chain options, as well as the interface name, of the running rules; matching rules are excluded from the synchronization comparison against the new rules.
  !!Do not include the beginning and ending slashes in your regular expressions.!!
  NOTE: If a rule has been added or removed, this setting is ignored and ip6tables will be restarted! If you have services which are affected by this, make sure that they subscribe to Service and/or Service as appropriate.
  Examples:

      # Preserve all rules whose chain begins with the word 'foo'
      ignore => '^foo'

      # Preserve all rules whose chain begins with the word 'foo' or
      # ends with the word 'bar'
      ignore => ['^foo','bar$']
- name (namevar)
  A name variable, doesn’t really do anything
- precise_match (defaults to: true)
  Instead of matching rule counts, perform a more precise match against the running and to-be-applied rules. You may find that minor changes, such as a simple netmask change, will not be enforced without enabling this option.
  This is enabled by default because it is a more correct approach.
  - NOTE: You MUST use the exact same syntax that will be returned by `ip6tables-save` if you enable this option!
    - For example, you cannot write `echo-request` for an ICMP echo match; you must instead use `8`.
  Supported values:
  - true
  - false
- provider
  The specific backend to use for this `ip6tables_optimize` resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.
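
The `ignore` and `precise_match` behaviour described above, as an added Ruby illustration that is not the module's provider code. It is a simplified model: the rule lines are constructed samples in `ip6tables-save` syntax, and the helper names (`match_fields`, `ignored?`, `comparable`, `changed_by_count?`, `changed_precisely?`) are hypothetical.

```ruby
# Added illustration; a simplified model, not the module's provider code.
# Constructed sample of running rules in ip6tables-save syntax.
RUNNING = <<~RULES.lines.map(&:strip)
  -A INPUT -i lo -j ACCEPT
  -A INPUT -s 2001:db8::/32 -p tcp -m tcp --dport 22 -j ACCEPT
  -A foo_dynamic -s 2001:db8:1::5/128 -j DROP
  -A FORWARD -o docker0 -j foo_dynamic
RULES

# Constructed to-be-applied rules: only the netmask of the SSH rule differs.
DESIRED = [
  '-A INPUT -i lo -j ACCEPT',
  '-A INPUT -s 2001:db8::/48 -p tcp -m tcp --dport 22 -j ACCEPT'
].freeze

# Fields the page says the regexes are compared against:
# chain (-A), jump target (-j) and interface name (-i / -o).
def match_fields(rule)
  rule.split.each_cons(2).select { |flag, _| %w[-A -j -i -o].include?(flag) }
      .map { |_, value| value }
end

# Patterns are plain strings without the surrounding slashes.
def ignored?(rule, patterns)
  regexes = Array(patterns).map { |p| Regexp.new(p) }
  match_fields(rule).any? { |field| regexes.any? { |re| re.match?(field) } }
end

# Running rules that remain in the synchronization comparison.
def comparable(rules, patterns)
  rules.reject { |rule| ignored?(rule, patterns) }
end

# Assumed model of precise_match => false: only rule counts are compared.
def changed_by_count?(running, desired)
  running.length != desired.length
end

# Assumed model of precise_match => true: rule text must match exactly.
def changed_precisely?(running, desired)
  running != desired
end

kept = comparable(RUNNING, ['^foo', 'bar$'])
puts "rules compared:        #{kept.length} of #{RUNNING.length}"
puts "count match sees it:   #{changed_by_count?(kept, DESIRED)}"
puts "precise match sees it: #{changed_precisely?(kept, DESIRED)}"
```

Because jump targets are matched as well as chains, an unanchored pattern such as `'ACCEPT'` would drop every ACCEPT rule in this sample from the comparison, so anchor patterns as tightly as the `ignore` examples do.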