tcpwrappers
Version information
This version is compatible with:
- Puppet Enterprise 2025.4.x, 2025.3.x, 2025.2.x, 2025.1.x, 2023.8.x, 2023.7.x, 2023.6.x, 2023.5.x, 2023.4.x, 2023.3.x, 2023.2.x, 2023.1.x, 2023.0.x, 2021.7.x, 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 9.0.0
- CentOS,OpenSuse,OracleLinux,Ubuntu
Start using this module
Add this module to your Puppetfile:
mod 'ffquintella-tcpwrappers', '1.1.4'Learn more about managing modules with a PuppetfileDocumentation
tcpwrappers
This module is a fork form sharumpe/tcpwrappers. I decided to make it to allow compatibility with puppet and concat 6.
This is a tcpwrappers module intended to configure simple allow/deny rules.
This is provided as-is, YMMV. If you're in Vagrant, make sure to include at least an allow for the "sshd" service.
NOTE
Though the defaultAllowAll and defaultDenyAll are still included, they should be considered deprecated, and will be removed in the next release.
Code should be changed to use default_allow_all and default_deny_all instead.
Examples
Just include the module:
include tcpwrappers
Include the module, and create "allow all" or "deny all" defaults: (Note: these rules will not be removed if you define other allow or deny rules.)
class { 'tcpwrappers':
default_deny_all => true,
}
Allow a service from an address/range (if not using default_allow_all):
tcpwrappers::allow { 'local_sshd':
service => 'sshd',
address => '192.168.1.0/24',
}
Deny a service from an address/range (if not using default_allow_all):
tcpwrappers::deny { 'local_ftp':
service => 'ftpd',
address => '192.168.2.0/255.255.255.0',
}
Use a wildcard (ALL, LOCAL, UNKNOWN, KNOWN, PARANOID):
tcpwrappers::allow { 'local_httpd':
service => 'httpd',
address => 'LOCAL',
}
Dependencies
- puppetlabs/stdlib (>= 4.0.0 < 10.0.0)
- puppetlabs/concat (>= 1.0.4 < 10.0.0)