Firewall module to use with iptables
Puppet
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
manifests
templates
README.md

README.md

puppet firewall

Basic firewall module to use with iptables

To create a new firewall rule, use the firewall::rule definition:

include firewall

firewall::rule { "allow_from_webserver":
  order     => 20,
  comment   => "Allow ping and snmp from webserver",
  sources   => [ "192.168.1.100" ],
  interface => [ "eth0", "eth1" ],
  protocols => [ "tcp", "udp", "icmp" ],
  ports     => [ "161" ],
  action    => "ACCEPT",
}

this rule will allow snmp(tcp and udp) and ping from 192.168.1.100

Allowed parameters:

  • order - The order of preference for this rule from 00 to 99. By default 50
  • comment - Description of what the rule does. Not mandatory but strongly recommended
  • sources - Sources specification for the rule. It can be either a network name, a hostname a network IP address (with /mask), or a plain IP address. Use 0.0.0.0/0 for "ALL". It can contain one or multiple elements into an array.
  • interfaces - Interface or interface where the rule will be applied to. It can contain one or multiple elements into an array.
  • protocols - Protocol or protocols where to apply the rule. It can be "tcp", "udp" or "icmp". It can contain one or multiple elements into an array.
  • ports - Ports where to apply the rule. It can contain one or multiple elements into an array.
  • action - What to do. If ommited will use ACCEPT as a default. It can also contain DROP or REJECT.