No description, website, or topics provided.
Switch branches/tags
Nothing to show
Pull request Compare This branch is 22 commits ahead, 7 commits behind TheSpend:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.

Puppet UFW Module

Module for configuring UFW (Uncomplicated Firewall).

Tested on Debian GNU/Linux 6.0 Squeeze and Ubuntu 10.4 LTS with Puppet 2.6. Patches for other operating systems are welcome.


Clone this repo to a ufw directory under your Puppet modules directory:

git clone git:// ufw

If you don't have a Puppet Master you can create a manifest file based on the notes below and run Puppet in stand-alone mode providing the module directory you cloned this repo to:

puppet apply --modulepath=modules test_ufw.pp


If you include the ufw class the package will be installed, the service will be enabled, and all incomming connections will be denied:

include ufw

Note that you'll need to define a global search path for the exec resource to make this module function properly. This should ideally be placed in manifests/site.pp:

Exec {
  path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",

You can then allow certain connections:

ufw::allow { "allow-ssh-from-all":
  port => 22,

ufw::allow { "allow-all-from-trusted":
  from => "",

ufw::allow { "allow-http-on-specific-interface":
  port => 80,
  ip => "",

ufw::allow { "allow-dns-over-udp":
  port => 53,
  proto => "udp",

You can also rate limit certain ports (the IP is blocked if it initiates 6 or more connections within 30 seconds):

ufw::limit { 22: }