Skip to content

fr3nd/puppet-firewall

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 

puppet firewall

Basic firewall module to use with iptables

To create a new firewall rule, use the firewall::rule definition:

include firewall

firewall::rule { "allow_from_webserver":
  order     => 20,
  comment   => "Allow ping and snmp from webserver",
  sources   => [ "192.168.1.100" ],
  interface => [ "eth0", "eth1" ],
  protocols => [ "tcp", "udp", "icmp" ],
  ports     => [ "161" ],
  action    => "ACCEPT",
}

this rule will allow snmp(tcp and udp) and ping from 192.168.1.100

Allowed parameters:

  • order - The order of preference for this rule from 00 to 99. By default 50
  • comment - Description of what the rule does. Not mandatory but strongly recommended
  • sources - Sources specification for the rule. It can be either a network name, a hostname a network IP address (with /mask), or a plain IP address. Use 0.0.0.0/0 for "ALL". It can contain one or multiple elements into an array.
  • interfaces - Interface or interface where the rule will be applied to. It can contain one or multiple elements into an array.
  • protocols - Protocol or protocols where to apply the rule. It can be "tcp", "udp" or "icmp". It can contain one or multiple elements into an array.
  • ports - Ports where to apply the rule. It can contain one or multiple elements into an array.
  • action - What to do. If ommited will use ACCEPT as a default. It can also contain DROP or REJECT.

About

Firewall module to use with iptables

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages