Forge Home

echoes_firewall

Puppet module to manage firewall rules

7,210 downloads

7,210 latest version

4.3 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Support the Puppet Community by contributing to this module

You are welcome to contribute to this module by suggesting new features, currency updates, or fixes. Every contribution is valuable to help ensure that the module remains compatible with the latest Puppet versions and continues to meet community needs. Complete the following steps:

  1. Review the module’s contribution guidelines and any licenses. Ensure that your planned contribution aligns with the author’s standards and any legal requirements.
  2. Fork the repository on GitHub, make changes on a branch of your fork, and submit a pull request. The pull request must clearly document your proposed change.

For questions about updating the module, contact the module’s author.

Version information

  • 0.1.0 (latest)
released Mar 30th 2016
This version is compatible with:
  • Puppet Enterprise >= 3.0.0 < 2015.4.0
  • Puppet >= 3.0.0 < 5.0.0
  • , , , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'echoes-echoes_firewall', '0.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add echoes-echoes_firewall
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install echoes-echoes_firewall --version 0.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

echoes/echoes_firewall — version 0.1.0 Mar 30th 2016

echoes_firewall

[Build Status] (https://travis-ci.org/echoes-tech/puppet-echoes_firewall) [Flattr Button] (https://flattr.com/submit/auto?user_id=echoes&url=https://forge.puppetlabs.com/echoes/echoes_firewall&title=Puppet%20module%20to%20manage%20firewall%20rules&lang=en_GB&category=software "Puppet module to manage firewall rules")

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with firewall
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module
  8. Contributors

Overview

Puppet module to manage firewall rules.

Module Description

This module is an implementation of the recommendations of the puppetlabs-firewall module. See more: https://forge.puppetlabs.com/puppetlabs/firewall#beginning-with-firewall

Setup

Beginning with firewall

include 'echoes_firewall'

Usage

Allow SSH for only one IPv4

class { echoes_firewall:
  allow_ipv4_for_ssh => [ '192.168.1.1' ],
}

Reference

Classes

Public Classes

  • echoes_firewall: Main class, includes all other classes.

Private classes

  • echoes_firewall::post: Handles the last rules for IPv4.
  • echoes_firewall::post_ipv6: Handles the last rules for IPv6.
  • echoes_firewall::pre: Handles the first rules for IPv4.
  • echoes_firewall::pre_ipv6: Handles the first rules for IPv6.

Parameters

The following parameters are available in the ::echoes_firewall class:

allow_icmp

Specifies whether ICMP is allowed. Valid options: boolean. Default value: false

allow_icmpv6

Specifies whether ICMPv6 is allowed. Valid options: boolean. Default value: false

ipv4_allow_addr_for_ssh

Specifies which IPv4 addresses are allowed to established a SSH connection. Valid options: array. Default value: []

ipv6_allow_addr_for_ssh

Specifies which IPv6 addresses are allowed to established a SSH connection. Valid options: array. Default value: []

ipv4_forward_ensure

Specifies whether the IPv4 forward firewall chain is present. Valid options: 'present' or 'absent'. Default value: present

ipv4_forward_policy

Specifies the action the packet will perform when the end of the the IPv4 forward firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'

ipv4_input_ensure

Specifies whether the IPv4 input firewall chain is present. Valid options: 'present' or 'absent'. Default value: present

ipv4_input_policy

Specifies the action the packet will perform when the end of the the IPv4 input firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'

ipv4_output_ensure

Specifies whether the IPv4 output firewall chain is present. Valid options: 'present' or 'absent'. Default value: present

ipv4_output_policy

Specifies the action the packet will perform when the end of the the IPv4 output firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'

ipv6_forward_ensure

Specifies whether the IPv6 forward firewall chain is present. Valid options: 'present' or 'absent'. Default value: present

ipv6_forward_policy

Specifies the action the packet will perform when the end of the the IPv6 forward firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'

ipv6_input_ensure

Specifies whether the IPv6 input firewall chain is present. Valid options: 'present' or 'absent'. Default value: present

ipv6_input_policy

Specifies the action the packet will perform when the end of the the IPv6 input firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'

ipv6_output_ensure

Specifies whether the IPv6 output firewall chain is present. Valid options: 'present' or 'absent'. Default value: present

ipv6_output_policy

Specifies the action the packet will perform when the end of the the IPv6 output firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'

manage_ipv4

Tells Puppet whether to manage the IPv4 firewall. Valid options: boolean. Default value: true

manage_ipv6

Tells Puppet whether to manage the IPv6 firewall. Valid options: boolean. Default value: true

Limitations

RedHat and Debian family OSes are officially supported. Tested and built on Debian and CentOS.

##Development

Echoes Tech & Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great.

Fork this module on GitHub

Contributors

The list of contributors can be found at: https://github.com/echoes-tech/puppet-echoes_firewall/graphs/contributors