Version information
This version is compatible with:
- Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
- Puppet >= 4.7.0 < 6.0.0
- , , ,
Start using this module
Add this module to your Puppetfile:
mod 'sharumpe-tcpwrappers', '1.0.4'
Learn more about managing modules with a PuppetfileDocumentation
tcpwrappers
This is a tcpwrappers module intended to configure simple allow/deny rules.
This is provided as-is, YMMV. If you're in Vagrant, make sure to include at least an allow for the "sshd" service.
NOTE
Though the defaultAllowAll
and defaultDenyAll
are still included, they should be considered deprecated, and will be removed in the next release.
Code should be changed to use default_allow_all
and default_deny_all
instead.
Examples
Just include the module:
include tcpwrappers
Include the module, and create "allow all" or "deny all" defaults: (Note: these rules will not be removed if you define other allow or deny rules.)
class { 'tcpwrappers':
default_deny_all => true,
}
Allow a service from an address/range (if not using default_allow_all):
tcpwrappers::allow { 'local_sshd':
service => 'sshd',
address => '192.168.1.0/24',
}
Deny a service from an address/range (if not using default_allow_all):
tcpwrappers::deny { 'local_ftp':
service => 'ftpd',
address => '192.168.2.0/255.255.255.0',
}
Use a wildcard (ALL, LOCAL, UNKNOWN, KNOWN, PARANOID):
tcpwrappers::allow { 'local_httpd':
service => 'httpd',
address => 'LOCAL',
}
Contact
If you send email, please include "sharumpe-tcpwrappers" in the subject line.
Dependencies
- puppetlabs/stdlib (>= 4.0.0 < 5.1.0)
- puppetlabs/concat (>= 1.0.4 <= 4.0.1)