Version information

  • 1.0.0 (latest)
released Mar 1st 2012

Start using this module


Add this module to your Puppetfile:

mod 'sschneid-firewall', '1.0.0'

Add this module to your Bolt project:

bolt module add sschneid-firewall

Manually install this module globally with Puppet module tool:

puppet module install sschneid-firewall --version 1.0.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



sschneid/firewall — version 1.0.0 Mar 1st 2012


My infrastructure setup is pretty simple: all of our VMs are behind a hardware firewall, but I want the added security of iptables running on each individual VM. Generally, I leave only 22/tcp (SSH) and 161/udp (SNMP) open, and otherwise specify an array of other TCP or UDP ports to open within the node definition.

This is the simplest Puppet module I could come up with.


Specify an array of ports to open in the 'open_tcp' or 'open_udp' parameters of the 'firewall' class.

A node definition will look like this:

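# The node name and the second class name are missing from the page;
# 'example-node' and 'example_app' are placeholders.
node 'example-node' inherits default {
    class {
        # Here's the magic
        'firewall':
            open_tcp => [ "80", "443" ];

        # Other class definitions here...
        'example_app':
            docroot  => "/var/www/example",
            gitrepo  => "github:sschneid/example.git";
    }
}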
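
To confirm that a VM exposes only 22/tcp, 161/udp and the ports listed in 'open_tcp' / 'open_udp', the live rules can be compared with the node definition. The script below is an added example, not part of the module: it assumes rules in `iptables -S INPUT` format with one ACCEPT rule per port in the INPUT chain, and the sample rules are constructed for illustration.

```python
# Added example: audit iptables INPUT rules against the ports declared in Puppet.
BASELINE = {("tcp", 22), ("udp", 161)}  # always open, per the page

# Constructed `iptables -S INPUT` output; not produced by the module itself.
SAMPLE_RULES = """\
-P INPUT DROP
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 161 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443,8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j DROP
"""


def _opt(tokens, flag):
    """Return the value that follows an option flag, or None if it is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens[:-1] else None


def accepted_ports(rules_text):
    """Collect (proto, port) for each INPUT rule that ACCEPTs a destination port."""
    found = set()
    for line in rules_text.splitlines():
        t = line.split()
        # Negated matches ("!") are out of scope here and need manual review.
        if t[:2] != ["-A", "INPUT"] or _opt(t, "-j") != "ACCEPT" or "!" in t:
            continue
        proto = _opt(t, "-p")
        spec = _opt(t, "--dport") or _opt(t, "--dports")
        if proto not in ("tcp", "udp") or spec is None:
            continue  # loopback/state rules carry no port and are skipped
        for part in spec.split(","):  # multiport lists; "lo:hi" is a range
            lo, _, hi = part.partition(":")
            found.update((proto, p) for p in range(int(lo), int(hi or lo) + 1))
    return found


def audit(rules_text, open_tcp=(), open_udp=()):
    """Diff live rules against the baseline plus the open_tcp/open_udp arrays."""
    expected = set(BASELINE)
    expected |= {("tcp", int(p)) for p in open_tcp}
    expected |= {("udp", int(p)) for p in open_udp}
    actual = accepted_ports(rules_text)
    policy = next((l.split()[2] for l in rules_text.splitlines()
                   if l.startswith("-P INPUT ")), None)
    return {"default_drop": policy == "DROP",
            "unexpected": sorted(actual - expected),
            "missing": sorted(expected - actual)}
```

Calling `audit(SAMPLE_RULES, open_tcp=["80", "443"])` reports 8080/tcp as unexpected: it is accepted on the host but not declared in the node definition.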