Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
A Puppet module for comprehensively managing tcpwrappers
Puppet Augeas Ruby
Branch: master

Merge pull request #3 from scmino/master

use flatten() not sum() see #1
latest commit 371d859570
@mpalmer mpalmer authored

README

###
### tcpwrappers
###

Overview
========

Manages hosts.allow and hosts.deny.


Usage
=====

tcpwrappers
-----------

    include tcpwrappers

Installs the default "ALL: ALL" hosts.deny entry.

tcpwrappers::allow
tcpwrappers::deny
------------------

    # Simple client specification
    tcpwrappers::allow { foo:
        daemon => "daemon",
        client => "192.0.2.0/24";
    }

    # With an exception specification
    tcpwrappers::allow { foo:
        daemon => "daemon",
        client => "ALL",
        except => "/etc/hosts.deny.inc";
    }

    # tcpwrappers::deny accepts the same parameters

    # Example to block everything apart from ssh from two networks
    tcpwrappers::deny  { deny: daemon =>  "ALL", client => "ALL" }
    tcpwrappers::allow { allow1: daemon => "sshd", client => "10.1.2.0/24"; }
    tcpwrappers::allow { allow2: daemon => "sshd", client => "172.17.16.0/24"; }


Adds the specified entry to hosts.allow or hosts.deny respectively.
The namevar is not significant.

The following parameters are available:

  ensure
    Whether the entry should be "present" or "absent".
  daemon
    The identifier supplied to libwrap by the daemon, often just the
    process name.
  client
    The client specification to be added.
  except (optional)
    Another client specification, acting as a filter for the first
    client specifiction.

The $client and $except parameters must have one of the following forms:

  FQDN:          example.com
  Domain suffix: .example.com
  IP address:    192.0.2.1
  IP prefix:     192. 192.0. 192.0.2.
  IP range:      192.0.2.0/24 192.0.2.0/255.255.255.0
  Filename:      /path/to/file.acl
  Keyword:       ALL LOCAL PARANOID

The client specification will be normalized before being matched against
or added to the existing entries in hosts.allow/hosts.deny.


See also
========

hosts.allow(5)
Something went wrong with that request. Please try again.