Forge Home

Modules

Puppet

Resources

PuppetEcosystemPuppet CommunityUpdates

firewall_multi

A source/dest multiplexer frontend for puppetlabs/firewall
Project URLRSS FeedReport issues

346,286 downloads

785 latest version

4.3 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 8.0.1 (latest)
  • 8.0.0
  • 7.0.3
  • 7.0.2
  • 7.0.1
  • 7.0.0
  • 6.0.0
  • 5.0.0
  • 4.0.0
  • 3.5.0
  • 3.4.0
  • 3.0.0
  • 1.20.0
  • 1.19.0
  • 1.18.0
  • 1.17.0
  • 1.16.0
  • 1.15.0
  • 1.14.1
  • 1.14.0
  • 1.13.2
  • 1.13.1
  • 1.13.0
  • 1.12.0
  • 1.11.0
  • 1.10.1
  • 1.10.0
  • 1.9.0
  • 1.8.0
  • 1.7.0
  • 1.5.0
  • 1.4.1
  • 1.4.0
  • 1.3.1
  • 1.3.0
  • 1.2.1
  • 1.2.0
  • 1.1.3
  • 1.1.2
  • 1.1.1
  • 1.1.0
  • 1.0.5
  • 1.0.4
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0 (deleted)
released Mar 10th 2016
This version is compatible with:
  • Puppet Enterprise >= 3.0.0 < 2015.4.0
  • Puppet >= 3.0.0 < 5.0.0
  • , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'alexharvey-firewall_multi', '1.0.5'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add alexharvey-firewall_multi
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install alexharvey-firewall_multi --version 1.0.5

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

alexharvey/firewall_multi — version 1.0.5 Mar 10th 2016

firewall_multi

##Overview

The firewall_multi module provides a defined type wrapper for spawning puppetlabs/firewall resources for arrays of sources and destinations.

##Usage

It is expected that a standard set up for the firewall module is followed, in particular with respect to the purging of firewall resources. If a user of this module, for instance, removes addresses from the array of sources, the corresponding firewall resources will only be removed if purging is enabled. This might be surprising to the user in a way that impacts security.

Otherwise, usage of the firewall_multi defined type is the same as with the firewall custom type, the only exceptions being that the source and destination parameters optionally accept arrays of IP addresses or networks, and that a string from x.x.x.x/x to y.y.y.y/x is appended to each resource's title to ensure their uniqueness in the catalog.

##Parameters

  • source: the source IP address or network or an array of sources. If not specified, a default of 0.0.0.0/0 is used.

  • destination: the destination IP address or network or an array of destinations. If not specified, a default of 0.0.0.0/0 is used.

  • Any other parameter accepted by firewall is also accepted and set for each firewall resource created without error-checking.

##Examples

firewall_multi { '100 allow http and https access':
  source => [
    '10.0.0.10/24',
    '10.0.0.12/24',
    '10.1.1.128',
  ],
  dport  => [80, 443],
  proto  => tcp,
  action => accept,
}

This will cause three resources to be created:

  • Firewall['100 allow http and https access from 10.0.0.10/24 to 0.0.0.0/0']
  • Firewall['100 allow http and https access from 10.0.0.12/24 to 0.0.0.0/0']
  • Firewall['100 allow http and https access from 10.1.1.128 to 0.0.0.0/0']

##Known Issues

While it is possible to use the dst_range parameter, and it will be correctly proxied to the firewall resources, the resource will be named to 0.0.0.0/0 in the catalog, and this name also appears in comments when a system administrator runs iptables -nL. This may be confusing, and it is therefore recommended to instead use an array of destinations, rather than dst_range.

At the moment, only the latest version of puppetlabs/firewall is supported, namely version 1.8.0.

##Development

Please read CONTRIBUTING.md before contributing.

###Testing

Make sure you have:

  • rake
  • bundler

Install the necessary gems:

bundle install

Note that gems are installed in .gems and binaries in .bin. See .bundle/config.

To run the tests from the root of the source code:

bundle exec rake spec