Forge Home

ufw

Puppet UFW Module

80,731 downloads

50,895 latest version

1.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 1.4.9 (latest)
  • 1.4.8
  • 1.4.7
  • 1.4.6
  • 1.4.5
  • 1.2.0
  • 1.1.0
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
released Jul 5th 2014
This module has been deprecated by its author since Jan 4th 2021.

Start using this module

Documentation

attachmentgenie/ufw — version 1.4.9 Jul 5th 2014

Build Status

Puppet UFW Module

Module for configuring UFW (Uncomplicated Firewall).

Tested on Debian GNU/Linux 6.0 Squeeze and Ubuntu 12.04 LTS with Puppet 2.7. Patches for other operating systems are welcome.

Usage

If you include the ufw class the package will be installed, the service will be enabled, and all incomming connections will be denied:

include ufw

You can then allow certain connections:

ufw::allow { "allow-ssh-from-all":
  port => 22,
}

ufw::allow { "allow-all-from-trusted":
  from => "10.0.0.145",
}

ufw::allow { "allow-http-on-specific-interface":
  port => 80,
  ip => "10.0.0.20",
}

ufw::allow { "allow-dns-over-udp":
  port => 53,
  proto => "udp",
}

Ranges are created via

ufw::allow { 'all http ports'
  port  => '8000:8999',
  proto => 'tcp'.
}

n.b.: ranges require the protocol to be tcp or udp. It cannot be any.

You can also rate limit certain ports (the IP is blocked if it initiates 6 or more connections within 30 seconds):

ufw::limit { 22: }

You can also adjust the ufw logging settings

ufw::logging { "prevent-logging":
    level => 'off',
}