myfirewall

This is a puppet firewall module.

Thomas Foster

nohtyp


Version information

  • 1.0.9 (latest)
  • 1.0.8
  • 1.0.7
  • 1.0.6
  • 1.0.5
  • 1.0.4
  • 1.0.3
  • 1.0.2
  • 1.0.1
  • 1.0.0
The latest version (1.0.9) was released Nov 12th 2015.
This version is compatible with:
  • RedHat
  • Ubuntu


Documentation

nohtyp/myfirewall — version 1.0.9 Nov 12th 2015

myfirewall

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.

Overview

This module is meant to provide a simple interface to manage firewalld (currently) and eventually iptables.

The module currently only supports the RedHat (7) and Debian (14.04) families, but I am working to allow this module to work with other OSes.

Module Description

This module provides a type and a provider for the firewalld service. Currently, firewalld is the only firewall supported; I am in the process of creating an iptables provider.

This module manages the firewalld service and configures the rules for the firewall.

Usage

### Create firewall rule for https service in public zone:

### Adding a permanent port/protocol firewall rule in public zone:

### Remove a service

Add firewall richrule:

Add icmp message blocking:

Create a new zone

Advanced example with hiera:

This example creates multiple firewall rules that use only tcp.

Adding multiple ports with a single protocol

Use tcp_udp to add tcp and udp protocol for all ports:

myfirewall/hieradata/test02.familyguy.local.yaml

Example with multiple richrules:

myfirewall/hieradata/test02.familyguy.local.yaml

Add multiple icmp messages for blocking:

myfirewall/hieradata/test02.familyguy.local.yaml

Reference

The following providers and types are created within this module:

Types and Providers

  • myfirewall
  • firewalld

Limitations

Currently this module is compatible with the RedHat (7) and Debian (14.04) families. I am working on other OSes and will update this accordingly. The module currently supports the following options:

  • name
  • zone
  • protocol (tcp|udp)
  • tcp_udp (true|false)
  • port (allows string or array)
  • service (allows string or array)
  • source (192.168.1.0/24)
  • richrule (allows string or array)
  • block_icmp (allows string or array)
  • permanent (true|false): if false, myfirewall only creates a temporary rule
  • myzones (true|false) note: this option has to be used together with permanent => true
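The following manifest is an added example, not taken from this module's README, that puts the options listed above together in a few resources. It assumes that `myfirewall` is the native type named in the Reference section, that each listed option is a parameter of that type, and that the resource title supplies the rule's `name`; the rich rule syntax is firewalld's own.

```puppet
# Permanent rule: expose only the https service in the public zone.
myfirewall { 'https_public':
  zone      => 'public',
  service   => 'https',
  permanent => true,
}

# Permanent rule for DNS on several ports, tcp and udp (tcp_udp => true
# replaces protocol), restricted to one subnet via the source option.
myfirewall { 'dns_from_lan':
  zone      => 'internal',
  port      => ['53', '853'],
  tcp_udp   => true,
  source    => '192.168.1.0/24',
  permanent => true,
}

# Temporary rule (permanent => false): opened at runtime only and not
# kept in the permanent configuration, so it does not survive a reload.
myfirewall { 'debug_port':
  zone      => 'public',
  port      => '8080',
  protocol  => 'tcp',
  permanent => false,
}

# Rich rule: accept ssh only from the management subnet, logging matches.
myfirewall { 'ssh_from_mgmt':
  zone      => 'public',
  richrule  => 'rule family="ipv4" source address="192.168.1.0/24" service name="ssh" log prefix="ssh-mgmt " level="info" accept',
  permanent => true,
}

# Drop selected ICMP message types in the public zone.
myfirewall { 'icmp_public':
  zone       => 'public',
  block_icmp => ['echo-request', 'timestamp-request'],
  permanent  => true,
}

# Create a new zone: myzones requires permanent => true (see the option
# list), and zone is given as a single string because of the array issue
# noted in the release notes. On Debian this depends on firewall-cmd
# supporting --new-zone (see Issues).
myfirewall { 'management_zone':
  zone      => 'management',
  myzones   => true,
  permanent => true,
}
```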

Issues

  1. myzones for Debian systems may not work, as the firewall-cmd command does not have a --new-zone= option. However, if firewall-cmd does have the --new-zone option, then it should work as normal.

Vagrant setup

  1. git clone https://github.com/nohtyp/myfirewall.git
  2. cd into directory
  3. vagrant up test02
    • vagrant provision test02 (can be used to retest new options in your puppet manifest)

Release Notes/Contributors/Etc

There seems to be a bug with using arrays for creating zones. I will have to put a bug report in with RH to see if there is truly an issue.