- Overview
- Module Description - What the module does and why it is useful
- Setup - The basics of getting started with firewall
- Usage - Configuration options and additional functionality
- Reference - An under-the-hood peek at what the module is doing and how
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
- Contributors
Puppet module to manage firewall rules.
This module is an implementation of the recommendations of the puppetlabs-firewall module. See more: https://forge.puppetlabs.com/puppetlabs/firewall#beginning-with-firewall
```puppet
include 'echoes_firewall'
```

```puppet
class { 'echoes_firewall':
  allow_ipv4_for_ssh => [ '192.168.1.1' ],
}
```
- echoes_firewall: Main class, includes all other classes.
- echoes_firewall::post: Handles the last rules for IPv4.
- echoes_firewall::post_ipv6: Handles the last rules for IPv6.
- echoes_firewall::pre: Handles the first rules for IPv4.
- echoes_firewall::pre_ipv6: Handles the first rules for IPv6.
The following parameters are available in the `::echoes_firewall` class:
Specifies whether ICMP is allowed. Valid options: boolean. Default value: false
Specifies whether ICMPv6 is allowed. Valid options: boolean. Default value: false
Specifies which IPv4 addresses are allowed to establish an SSH connection. Valid options: array. Default value: []
Specifies which IPv6 addresses are allowed to establish an SSH connection. Valid options: array. Default value: []
Specifies whether the IPv4 forward firewall chain is present. Valid options: 'present' or 'absent'. Default value: present
Specifies the action applied to a packet when the end of the IPv4 forward firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'
Specifies whether the IPv4 input firewall chain is present. Valid options: 'present' or 'absent'. Default value: present
Specifies the action applied to a packet when the end of the IPv4 input firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'
Specifies whether the IPv4 output firewall chain is present. Valid options: 'present' or 'absent'. Default value: present
Specifies the action applied to a packet when the end of the IPv4 output firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'
Specifies whether the IPv6 forward firewall chain is present. Valid options: 'present' or 'absent'. Default value: present
Specifies the action applied to a packet when the end of the IPv6 forward firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'
Specifies whether the IPv6 input firewall chain is present. Valid options: 'present' or 'absent'. Default value: present
Specifies the action applied to a packet when the end of the IPv6 input firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'
Specifies whether the IPv6 output firewall chain is present. Valid options: 'present' or 'absent'. Default value: present
Specifies the action applied to a packet when the end of the IPv6 output firewall chain is reached. Valid options: 'accept', 'drop', 'queue' or 'return'. Default value: 'drop'
Tells Puppet whether to manage the IPv4 firewall. Valid options: boolean. Default value: true
Tells Puppet whether to manage the IPv6 firewall. Valid options: boolean. Default value: true
RedHat and Debian family OSes are officially supported. Tested and built on Debian and CentOS.
## Development
Echoes Tech & Labs modules on the Puppet Forge are open projects, and community contributions are essential for keeping them great.
The list of contributors can be found at: https://github.com/echoes-tech/puppet-echoes_firewall/graphs/contributors