Puppet Class: opnsense::client::firewall

Defined in:
manifests/client/firewall.pp

Summary

Use exported resources to collect firewall configurations from clients.

Overview

This will create resources for firewall configurations in PuppetDB so that they can be applied automatically on one or more OPNsense firewalls.

Examples:

class { 'opnsense::client::firewall':
  aliases => {
    "my_http_ports_from_client" => {
      "devices"     => ["localhost"],
      "type"        => "port",
      "content"     => ["80", "443"],
      "description" => "example local http ports",
      "enabled"     => true,
      "ensure"      => present
    },
  },
  rules => {
    "allow all from lan and wan" => {
      "devices"   => ["localhost"],
      "sequence"  => "1",
      "action"    => "pass",
      "interface" => ["lan", "wan"],
      "ensure"      => present
    }
  }
}

Parameters:

  • aliases (Hash)

    Firewall aliases that are associated with this client.

  • rules (Hash)

    Firewall rules that are associated with this client.



# File 'manifests/client/firewall.pp', line 34

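class opnsense::client::firewall (
  Hash $aliases,
  Hash $rules,
) {
  # Every exported resource below carries this node's FQDN so the collecting
  # firewall can attribute each alias/rule to the client that exported it.
  $client_fqdn = $facts['networking']['fqdn']

  # NOTE(review): these are exported (@@) resources selected by the
  # collector through `tag => $device_name`; any client that compiles this
  # class can export an entry for whatever device it lists under 'devices'.
  # Confirm that collectors scope by tag and that exporting clients are
  # trusted to the same degree as the firewall itself.

  # One exported alias per (alias, target device). 'devices' and
  # 'description' are consumed here and must not reach the resource, so the
  # filtered hash is built once per alias rather than once per device.
  $aliases.each |$alias_name, $alias_options| {
    $alias_options_filtered = delete($alias_options, ['devices', 'description'])
    $alias_options['devices'].each |$device_name| {
      # NOTE(review): unlike the rule title below, the alias title carries no
      # FQDN; two clients exporting the same alias name for the same device
      # would share a title — confirm that is intended.
      @@opnsense_firewall_alias { "${alias_name}@${device_name}":
        description => "${client_fqdn} - ${alias_options['description']}",
        *           => $alias_options_filtered,
        tag         => $device_name,
      }
    }
  }

  # One exported rule per (rule, target device). The title is prefixed with
  # the client FQDN, so rules from different clients never share a title.
  $rules.each |$rule_name, $rule_options| {
    $rule_options_filtered = delete($rule_options, ['devices', 'description'])
    $rule_options['devices'].each |$device_name| {
      @@opnsense_firewall_rule { "${client_fqdn} - ${rule_name}@${device_name}":
        *   => $rule_options_filtered,
        tag => $device_name,
      }
    }
  }
}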