Resource Type: opnsense_firewall_rule

Defined in:
lib/puppet/type/opnsense_firewall_rule.rb

Summary

Manage opnsense firewall rules

Overview

@see:

https://docs.opnsense.org/manual/firewall.html

This type provides Puppet with the capabilities to manage opnsense firewall rules.

Examples:

opnsense_firewall_rule { 'minimal example - use description as resource title':
  device      => 'opnsense-test.device.com',
  sequence    => '1',
  action      => 'pass',
  interface   => ['lan', 'wan'],
  ensure      => 'present',
}

opnsense_firewall_rule { 'full example - use description as resource title':
  device           => 'opnsense-test.device.com',
  sequence         => '2',
  action           => 'pass',
  direction        => 'in',
  ipprotocol       => 'inet',
  interface        => ['lan', 'wan'],
  source_net       => 'any',
  source_port      => '',
  source_not       => false,
  protocol         => 'any',
  destination_net  => 'any',
  destination_port => '',
  destination_not  => false,
  gateway          => '',
  quick            => true,
  log              => false,
  enabled          => true,
  ensure           => 'present',
}
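
The examples above pass any traffic on both interfaces. The following is an added example, not part of the module's own documentation, showing a narrower rule set that combines sequence, quick, source_not, destination_port and log. The aliases mgmt_net, admin_hosts and web_servers, the action value 'block', the protocol value 'TCP', and the evaluation of lower sequence numbers first are assumptions.

```puppet
# Added example. Assumed: 'block' and 'TCP' are accepted values, the aliases
# mgmt_net, admin_hosts and web_servers exist on the firewall, and rules are
# evaluated in ascending sequence order.

# Drop HTTPS to admin hosts from every source except the management network.
opnsense_firewall_rule { 'block admin HTTPS from non-management sources':
  device           => 'opnsense-test.device.com',
  sequence         => '10',
  action           => 'block',
  direction        => 'in',
  interface        => ['lan'],
  protocol         => 'TCP',
  source_net       => 'mgmt_net',
  source_not       => true,          # inverted match: anything but mgmt_net
  destination_net  => 'admin_hosts',
  destination_port => '443',
  quick            => true,          # stop evaluating once this rule matches
  log              => true,
  ensure           => 'present',
}

# Allow inbound HTTPS to the published web servers only.
opnsense_firewall_rule { 'pass inbound HTTPS to web servers':
  device           => 'opnsense-test.device.com',
  sequence         => '20',
  action           => 'pass',
  direction        => 'in',
  interface        => ['wan'],
  protocol         => 'TCP',
  source_net       => 'any',
  destination_net  => 'web_servers',
  destination_port => '443',
  quick            => true,
  log              => false,
  ensure           => 'present',
}

# Explicit logged catch-all so rejected traffic on wan is visible in the logs.
opnsense_firewall_rule { 'block and log all other inbound wan traffic':
  device    => 'opnsense-test.device.com',
  sequence  => '900',
  action    => 'block',
  direction => 'in',
  interface => ['wan'],
  quick     => true,
  log       => true,
  ensure    => 'present',
}
```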

Properties

  • action

    Choose what to do with packets that match the criteria specified.

  • destination_net (defaults to: any)

    The destination, e.g. any, IP address, network or alias.

  • destination_not

    Use this option to invert the sense of the match for the destination.

  • destination_port (defaults to: '')

    Destination port number or well-known name (imap, imaps, http, https, …); for ranges use a dash.

  • direction (defaults to: in)

    Direction of the traffic.

  • enabled (defaults to: true)

    Enable or disable this rule.

  • ensure (defaults to: present)

    Whether this resource should be present or absent on the target system.

  • gateway (defaults to: '')

    Leave as default to use the system routing table, or choose a gateway to use policy-based routing.

  • interface

    The network interface(s).

  • ipprotocol (defaults to: inet)

    IP Version

  • log

    Log packets that are handled by this rule.

  • protocol (defaults to: any)

    The protocol that is used.

  • quick (defaults to: true)

    If a packet matches a rule specifying quick, then that rule is considered the last matching rule.

  • sequence

    The sequence number of this rule.

  • source_net (defaults to: any)

    The source, e.g. any, IP address, network or alias.

  • source_not

    Use this option to invert the sense of the match for the source.

  • source_port (defaults to: '')

    Source port number or well-known name (imap, imaps, http, https, …); for ranges use a dash.

  • uuid

    The uuid of the rule.

Parameters

  • description (namevar)

    The rule description.

  • device (namevar)

    The name of the opnsense_device type you want to manage.