Forge Home


A module to provide the nessasary classes required by puppetlabs/firewall


10,834 latest version

4.6 quality score

Version information

  • 0.1.2 (latest)
  • 0.1.1
  • 0.1.0
released Feb 17th 2015
This version is compatible with:
  • , , , , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'danfoster-sitefirewall', '0.1.2'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add danfoster-sitefirewall
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install danfoster-sitefirewall --version 0.1.2

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



danfoster/sitefirewall — version 0.1.2 Feb 17th 2015


Travis CI

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with sitefirewall
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module


This module provides sensible defaults for extra classes as required for puppetlabs/firewall.

Module Description

This module defines defeaults for pre and post firewall rules. These are:

  • Allow IMCP
  • Allow all traffic to local (lo) interface
  • Allow RELATED and ESTABLISHED connections
  • Drop all other traffic


What sitefirewall affects

This module depends on puppet/firewall and therefore affects the following:

  • Every node running a firewall
  • Firewall settings in your system
  • Connection settings for managed nodes
  • Unmanaged resources (get purged)


Include sitefirewall to get started:

class { '::sitefirewall' }

Then you are able to use firewall rules as described on the (puppetlabs/firewall)[] page.


Firewall rules can also be defined in hiera using the firewall key .e.g.:

  '10 accept SSH':
    port: 22
    proto: tcp
    action: accept


Pull requests are gratefully received.