ufw

deprecated
Puppet UFW Module

bram vogelaar

attachmentgenie

76,517 downloads

48,478 latest version

1.6 quality score

Version information

  • 1.4.9 (latest)
  • 1.4.8
  • 1.4.7
  • 1.4.6
  • 1.4.5
  • 1.2.0
  • 1.1.0
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
released Jul 5th 2014
This module has been deprecated by its author since Jan 4th 2021.

Start using this module

Documentation

attachmentgenie/ufw — version 1.4.9 Jul 5th 2014

Build Status

Puppet UFW Module

Module for configuring UFW (Uncomplicated Firewall).

Tested on Debian GNU/Linux 6.0 Squeeze and Ubuntu 12.04 LTS with Puppet 2.7. Patches for other operating systems are welcome.

Usage

If you include the ufw class the package will be installed, the service will be enabled, and all incomming connections will be denied:

include ufw

You can then allow certain connections:

ufw::allow { "allow-ssh-from-all":
  port => 22,
}

ufw::allow { "allow-all-from-trusted":
  from => "10.0.0.145",
}

ufw::allow { "allow-http-on-specific-interface":
  port => 80,
  ip => "10.0.0.20",
}

ufw::allow { "allow-dns-over-udp":
  port => 53,
  proto => "udp",
}

Ranges are created via

ufw::allow { 'all http ports'
  port  => '8000:8999',
  proto => 'tcp'.
}

n.b.: ranges require the protocol to be tcp or udp. It cannot be any.

You can also rate limit certain ports (the IP is blocked if it initiates 6 or more connections within 30 seconds):

ufw::limit { 22: }

You can also adjust the ufw logging settings

ufw::logging { "prevent-logging":
    level => 'off',
}