Forge Home

ipset

Linux ipsets management

10,710 downloads

1,503 latest version

5.0 quality score

Version information

  • 2.1.0 (latest)
  • 2.0.0
  • 1.2.3
  • 1.2.1
  • 1.2.0
  • 1.1.0
  • 1.0.0
released Dec 30th 2021
This version is compatible with:
  • Puppet Enterprise 2021.6.x, 2021.5.x, 2021.4.x, 2021.3.x, 2021.2.x, 2021.1.x, 2021.0.x, 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x
  • Puppet >= 6.1.0 < 8.0.0
  • , , , , , , , Archlinux

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'puppet-ipset', '2.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add puppet-ipset
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install puppet-ipset --version 2.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download

Documentation

puppet/ipset — version 2.1.0 Dec 30th 2021

puppet-ipset

Build Status Release Puppet Forge Puppet Forge - downloads Puppet Forge - endorsement Puppet Forge - scores puppetmodule.info docs AGPL v3 License

Table of Contents

Overview

This module manages Linux IP sets.

  • Checks for current ipset state, before doing any changes to it.
  • Applies ipset every time it drifts from target state, not only on config file change.
  • Handles type changes.
  • Autostart support for RHEL 6 and RHEL 7 family (upstart, systemd).

Usage

Array

IP sets can be filled from an array data structure. Typically passed from Hiera.

ipset::set { 'foo':
  ensure => present,
  set    => ['1.2.3.4', '5.6.7.8'],
  type   => 'hash:ip',
}

String

You can also pass a pre-formatted string directly, using one entry per line (with \n as a separator). This pattern is practical when generating the IP set entries using a template.

ipset::set { 'foo':
  ensure => present,
  set    => "1.2.3.4\n5.6.7.8",
  type   => 'hash:ip',
}

Module file

IP sets content can also be stored in a module file:

ipset::set { 'foo':
  ensure => present,
  set    => "puppet:///modules/${module_name}/foo.ipset",
}

Local file

Or using a plain text file stored on the filesystem:

file { '/tmp/bar_set_content':
  ensure  => present,
  content => "1.2.3.0/24\n5.6.7.8/32",
}

ipset::set { 'bar':
  ensure    => present,
  set       => 'file:///tmp/bar_set_content',
  type      => 'hash:net',
  subscribe => File['/tmp/bar_set_content'],
}

Unmanaged ipsets

Declare an IP set, without managing its content:

ipset::unmanaged { 'baz':
  ensure => present,
  type   => 'hash:net',
}

Useful when you have a dynamic process that generates an IP set content, but still want to define and use it from Puppet.

Warning: When changing IP set attributes (type, options) contents won't be kept, set will be recreated as empty.

Reference

The module uses puppet-strings for documentation. The result is the REFERENCE.md file.

Limitations

  • Tested on Debian and RedHat-like Linux distributions
  • Only hash ipsets are supported (this excludes bitmap and list:set)

Changelog

See CHANGELOG

Development and Contribution

See development

Thanks

This module is a complete rewrite of sl0m0ZA/ipset, which is a fork of pmuller/ipset, which was forked from mighq/ipset, which was based on thias/ipset.