| -rw-r--r-- | REFERENCE.md | 8 | ||||
| -rw-r--r-- | data/common.yaml | 1 | ||||
| -rw-r--r-- | manifests/init.pp | 10 | 
3 files changed, 19 insertions, 0 deletions
diff --git a/REFERENCE.md b/REFERENCE.md
index d9adadb..62a5d3b 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -151,6 +151,14 @@ A hash that holds all data for ferm::rule
 Default value: Empty Hash
 Allowed value: Any Hash
+##### `chains`
+
+Data type: `Hash`
+
+A hash that holds all data for ferm::chain
+Default value: Empty Hash
+Allowed value: Any Hash
+
 ##### `forward_log_dropped_packets`
 Data type: `Boolean`
diff --git a/data/common.yaml b/data/common.yaml
index d40c155..34392e9 100644
--- a/data/common.yaml
+++ b/data/common.yaml
@@ -10,6 +10,7 @@ ferm::forward_policy: DROP
 ferm::output_policy: ACCEPT
 ferm::preserve_chains_in_tables: {}
 ferm::rules: {}
+ferm::chains: {}
 ferm::input_log_dropped_packets: false
 ferm::forward_log_dropped_packets: false
 ferm::output_log_dropped_packets: false
diff --git a/manifests/init.pp b/manifests/init.pp
index d2251c9..2f5e1ef 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -55,6 +55,9 @@
 # @param rules A hash that holds all data for ferm::rule
 #   Default value: Empty Hash
 #   Allowed value: Any Hash
+# @param chains A hash that holds all data for ferm::chain
+#   Default value: Empty Hash
+#   Allowed value: Any Hash
 # @param forward_log_dropped_packets Enable/Disable logging in the FORWARD chain of packets to the kernel log, if no explicit chain matched
 #   Default value: false
 #   Allowed values: (true|false)
@@ -84,6 +87,7 @@ class ferm (
   Boolean $output_log_dropped_packets,
   Boolean $input_log_dropped_packets,
   Hash $rules,
+  Hash $chains,
   Array[Enum['ip','ip6']] $ip_versions,
   Hash[String[1],Array[String[1]]] $preserve_chains_in_tables,
 ) {
@@ -98,6 +102,12 @@ class ferm (
   Ferm::Chain <| |>
   ~> Class['ferm::service']
+  $chains.each |$chainname, $attributes| {
+    ferm::chain{$chainname:
+      * => $attributes,
+    }
+  }
+
   $rules.each |$rulename, $attributes| {
     ferm::rule{$rulename:
       * => $attributes,
|
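Review bot: The new `ferm::chains: {}` default comes with no `lookup_options` entry in the visible part of data/common.yaml, so automatic parameter lookup would resolve `ferm::chains` with the default `first` merge strategy. A `ferm::chains` key set at a more specific Hiera level then replaces the chains from broader levels instead of extending them, which can silently drop a baseline firewall chain on a node that only meant to add one. If layered data is intended, add a `lookup_options` entry for `ferm::chains` with `merge: deep` (or `hash`), and state the chosen behaviour in the `@param chains` text. The same question seems to apply to `ferm::rules`; the rest of the file is outside this hunk, so an existing entry may already cover it.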
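Review bot: The bare `Hash $chains` parameter in the `class ferm (` hunk accepts any key and value, while the loop added in the last hunk splats each value into `ferm::chain` with `* => $attributes`. A malformed Hiera entry (an empty chain name, or a string where an attribute hash is expected) is therefore rejected only when the resource is evaluated, with an error that does not point back at `ferm::chains`. The file already uses parameterised types for `$preserve_chains_in_tables`, so `Hash[String[1], Hash] $chains,` would fit and fail early at the class boundary. The `@param chains` comment could also say that keys are `ferm::chain` titles and values are that resource's attributes. The class body continues outside these hunks.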
