This is a puppet firewall module.

Version information

  • 1.0.9 (latest)
  • 1.0.8
  • 1.0.7
  • 1.0.6
  • 1.0.5 (deleted)
  • 1.0.4 (deleted)
  • 1.0.3 (deleted)
  • 1.0.2 (deleted)
  • 1.0.1 (deleted)
  • 1.0.0 (deleted)
released Nov 12th 2015

Start using this module


Add this module to your Puppetfile:

mod 'nohtyp-myfirewall', '1.0.9'

Add this module to your Bolt project:

bolt module add nohtyp-myfirewall

Manually install this module globally with Puppet module tool:

puppet module install nohtyp-myfirewall --version 1.0.9

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



nohtyp/myfirewall — version 1.0.9 Nov 12th 2015


Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Usage - Configuration options and additional functionality
  4. Reference - An under-the-hood peek at what the module is doing and how
  5. Limitations - OS compatibility, etc.


Overview

This module is meant to provide a simple interface for managing firewalld (currently) and, eventually, iptables.

The module currently only supports the RedHat (7) and Debian (14.04) families, but I am working to make it work with other OSes.

Module Description

This module provides a provider and type for the firewalld service. Currently, firewalld is the only firewall supported; I am in the process of creating an iptables provider.

This module manages the firewalld service and configures the rules for the firewall.


Usage

Create a firewall rule for the https service in the public zone:

Add a permanent port/protocol firewall rule in the public zone:

Remove a service:

Add a firewall richrule:

Add icmp message blocking:

Create a new zone:

Advanced example with Hiera:

This example will create multiple rules in the firewall that will use only tcp.

Add multiple ports with a single protocol:

Use tcp_udp to add the tcp and udp protocols for all ports:

Example with multiple richrules:

Add multiple icmp messages for blocking:



Reference

Types and Providers

The following providers and types are created within this module:

  • myfirewall
  • firewalld


Currently this module is compatible with the RedHat (7) and Debian (14.04) families. I am working on other OSes and will update this accordingly. The module currently supports the following options:

  • name
  • zone
  • protocol (tcp|udp)
  • tcp_udp (true|false)
  • port (allows string or array)
  • service (allows string or array)
  • source (
  • richrule (allows string or array)
  • block_icmp (allows string or array)
  • permanent (true|false): if false, myfirewall will only create a temporary (runtime) rule that does not survive a firewalld reload
  • myzones (true|false): note that this option must be used together with permanent => true

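The following manifest is an added example and is not code from the module's README (the README's own usage examples are not reproduced on this page). It only uses the parameter names from the options list above; the resource titles, zone names, port numbers and the 192.0.2.0/24 management subnet are constructed values, and the assumption that `zone` names the zone to create when `myzones => true` is mine, not the module's documentation.

```puppet
# Added example, not from the nohtyp-myfirewall README.
# Parameter names are those documented for the myfirewall type; values are constructed.

# Allow the https service in the public zone and persist it across firewalld reloads.
myfirewall { 'public_https':
  zone      => 'public',
  service   => 'https',
  permanent => true,
}

# Open two application ports for tcp only; port accepts an array per the options list.
myfirewall { 'public_app_ports':
  zone      => 'public',
  port      => ['8080', '8443'],
  protocol  => 'tcp',
  permanent => true,
}

# Open a single port for both tcp and udp using tcp_udp instead of protocol.
myfirewall { 'public_dns':
  zone      => 'public',
  port      => '53',
  tcp_udp   => true,
  permanent => true,
}

# Rich rule (standard firewalld rich-rule syntax) limiting ssh to a management subnet.
# 192.0.2.0/24 is a documentation-range placeholder, not a real network.
myfirewall { 'ssh_from_mgmt':
  zone      => 'public',
  richrule  => 'rule family="ipv4" source address="192.0.2.0/24" service name="ssh" accept',
  permanent => true,
}

# Block ICMP echo types; block_icmp accepts an array per the options list.
myfirewall { 'public_icmp_block':
  zone       => 'public',
  block_icmp => ['echo-request', 'echo-reply'],
  permanent  => true,
}

# Create a new zone. myzones must be paired with permanent => true, and the release
# notes report a bug with arrays for zone creation, so a single zone name is passed.
# (Assumption: zone carries the name of the zone to create.)
myfirewall { 'mgmt_zone':
  zone      => 'mgmt',
  myzones   => true,
  permanent => true,
}
```

Every resource above sets permanent => true; the options list states that a rule created with permanent => false is runtime-only, so a reload of firewalld would silently drop it, which is the case a practitioner most often wants to avoid when the manifest is the intended source of truth for the host firewall.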

Limitations

  1. myzones on Debian systems may not work, because the firewall-cmd command there does not have the --new-zone= option. If firewall-cmd does have the --new-zone option, it should work as normal.

Vagrant setup

  1. git clone
  2. cd into directory
  3. vagrant up test02
    • vagrant provision test02 (can be used to retest new options in your puppet manifest)

Release Notes/Contributors/Etc

There seems to be a bug with using arrays for creating zones. I will have to put a bug report in with RH to see if there is truly an issue.