firewall_c2c

Add autorequire to Puppet Labs' firewall module

Version information

  • 1.1.17 (latest)
  • 1.1.16
  • 1.1.15
  • 1.1.14
  • 1.1.13
  • 1.1.12
  • 1.1.11
  • 1.1.10
  • 1.1.9
  • 1.1.8
  • 1.1.7
  • 1.1.6
  • 1.1.5
  • 1.1.4
  • 1.1.3
  • 1.1.1
  • 1.1.0
  • 1.0.1
  • 1.0.0
released Jun 20th 2016
This version is compatible with:
  • Puppet Enterprise >= 3.2.0 < 3.4.0
  • Puppet 3.x
  • RedHat, CentOS, Scientific, Debian, Ubuntu

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'camptocamp-firewall_c2c', '1.1.17'

Add this module to your Bolt project:

bolt module add camptocamp-firewall_c2c

Manually install this module globally with Puppet module tool:

puppet module install camptocamp-firewall_c2c --version 1.1.17

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Tags: firewall

Documentation

camptocamp/firewall_c2c — version 1.1.17 Jun 20th 2016

Firewall_c2c

Overview

Monkey-patches Puppetlabs' firewall module to add an autorequire, so that Firewall resources are applied in alphabetical order.

Example:

Consider this manifest:

class { 'firewall': }
firewall { '000 accept all icmp':
  proto   => 'icmp',
  action  => 'accept',
}
firewall { '001 accept all to lo interface':
  proto   => 'all',
  iniface => 'lo',
  action  => 'accept',
}
firewall { '002 accept related established rules':
  proto   => 'all',
  ctstate => ['RELATED', 'ESTABLISHED'],
  action  => 'accept',
}

Without this module, you have to add explicit dependencies; otherwise the rules are applied in no particular order:

Notice: /Stage[main]/Main/Firewall[000 accept all icmp]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/Firewall[002 accept related established rules]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/Firewall[001 accept all to lo interface]/ensure: current_value absent, should be present (noop)

With this module, there is no need to define explicit dependencies:

Notice: /Stage[main]/Main/Firewall[000 accept all icmp]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/Firewall[001 accept all to lo interface]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/Firewall[002 accept related established rules]/ensure: current_value absent, should be present (noop)

And with --debug:

Debug: /Firewall[000 accept all icmp]: Autorequiring Package[iptables]
Debug: /Firewall[000 accept all icmp]: Autorequiring Package[iptables-persistent]
Debug: /Firewall[001 accept all to lo interface]: Autorequiring Package[iptables]
Debug: /Firewall[001 accept all to lo interface]: Autorequiring Package[iptables-persistent]
Debug: /Firewall[001 accept all to lo interface]: Autorequiring Firewall[000 accept all icmp]
Debug: /Firewall[002 accept related established rules]: Autorequiring Package[iptables]
Debug: /Firewall[002 accept related established rules]: Autorequiring Package[iptables-persistent]
Debug: /Firewall[002 accept related established rules]: Autorequiring Firewall[001 accept all to lo interface]

This greatly eases the usage of Puppetlabs' firewall module.
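
As an added example (not part of this module or its README), the Ruby below checks agent output of the kind shown above: that every Firewall resource autorequires its predecessor in sort order, and that the ensure notices are not out of order. The function names and the plain string sort are assumptions, and the sample logs are constructed from the lines on this page.

```ruby
# Added example; not camptocamp's or Puppet's code. Function names are hypothetical.
# Constructed sample: a subset of the --debug lines shown on this page.
SAMPLE_DEBUG = <<~LOG
  Debug: /Firewall[000 accept all icmp]: Autorequiring Package[iptables]
  Debug: /Firewall[001 accept all to lo interface]: Autorequiring Package[iptables]
  Debug: /Firewall[001 accept all to lo interface]: Autorequiring Firewall[000 accept all icmp]
  Debug: /Firewall[002 accept related established rules]: Autorequiring Package[iptables]
  Debug: /Firewall[002 accept related established rules]: Autorequiring Firewall[001 accept all to lo interface]
LOG

# Constructed sample: the Notice lines from the run without this module.
SAMPLE_UNORDERED = <<~LOG
  Notice: /Stage[main]/Main/Firewall[000 accept all icmp]/ensure: current_value absent, should be present (noop)
  Notice: /Stage[main]/Main/Firewall[002 accept related established rules]/ensure: current_value absent, should be present (noop)
  Notice: /Stage[main]/Main/Firewall[001 accept all to lo interface]/ensure: current_value absent, should be present (noop)
LOG

AUTOREQ = %r{\ADebug: .*?/Firewall\[(?<res>.+?)\]: Autorequiring (?<type>[^\[]+)\[(?<dep>.+)\]\z}
NOTICE  = %r{\ANotice: .*/Firewall\[(?<res>.+?)\]/ensure: }

# Map every Firewall title seen in the debug log to the Firewall titles it autorequires.
def firewall_edges(log)
  edges = {}
  log.each_line(chomp: true) do |line|
    m = AUTOREQ.match(line) or next
    deps = (edges[m[:res]] ||= [])   # register the title even if it has no Firewall edge
    deps << m[:dep] if m[:type] == 'Firewall'
  end
  edges
end

# Report each title that does not autorequire its predecessor. Assumption:
# "alphabetically" means plain string sort order of the resource titles.
def missing_chain_links(log)
  edges = firewall_edges(log)
  edges.keys.sort.each_cons(2)
       .reject { |prev, cur| edges[cur].include?(prev) }
       .map { |prev, cur| "#{cur} does not autorequire #{prev}" }
end

# Report each resource whose ensure Notice came right after a later-sorting title.
def applied_out_of_order(log)
  titles = log.each_line(chomp: true).filter_map { |l| NOTICE.match(l)&.[](:res) }
  titles.each_cons(2).select { |a, b| a > b }.map { |a, b| "#{b} applied after #{a}" }
end

puts missing_chain_links(SAMPLE_DEBUG).inspect
puts applied_out_of_order(SAMPLE_UNORDERED)
```

An empty result from `missing_chain_links` means the chain is complete; titles are only discovered from `Autorequiring` lines, so a Firewall resource that autorequires nothing at all is not seen.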