Puppet Class: sys::iptables::pre

Defined in:
manifests/iptables/pre.pp

Overview

Class: sys::iptables::pre

Global firewall defaults applied before custom rules.

Private class, do not use directly.

Parameters:

  • ssh_port (Any)
  • ping (Any)
  • lo (Any)
  • iniface (Any)


# File 'manifests/iptables/pre.pp', line 7

# @summary Global firewall defaults applied before custom rules.
#
# @api private
#   Private class, do not use directly. It is presumably included by a
#   sys::iptables wrapper that orders the remaining rules after it — the
#   caller is not visible here, confirm against manifests/iptables/init.pp
#   or wherever this class is declared.
#
# Scope of the rules below: none of them sets `chain`, so the provider
# default applies (INPUT in puppetlabs-firewall); none of them sets
# `source`, so each rule matches packets from any address. Rules that
# use `$iniface` match only that inbound interface; when `$iniface` is
# undef no interface match is emitted and they apply on every interface.
#
# @param ssh_port
#   TCP destination port opened for SSH. A falsy value (undef or false)
#   omits the rule entirely.
# @param ping
#   Truthy to accept inbound ICMP echo-request on `$iniface`.
# @param lo
#   Truthy to accept all traffic arriving on the loopback interface
#   (hard-coded to 'lo', independent of `$iniface`).
# @param iniface
#   Inbound interface bound to the state, ping and ssh rules; undef for all.
class sys::iptables::pre(
  $ssh_port,
  $ping,
  $lo,
  $iniface,
){
  # Resource defaults are dynamically scoped: clearing `require` here
  # stops these baseline rules from inheriting a `Firewall { require => ... }`
  # set by an enclosing class (presumably to avoid a dependency cycle with
  # the class that orders everything else after sys::iptables::pre — confirm).
  Firewall {
    require => undef,
  }

  # Baseline: accept packets belonging to connections already accepted
  # elsewhere (conntrack RELATED/ESTABLISHED), any protocol.
  firewall { '000 allow packets with valid state':
    action  => 'accept',
    proto   => 'all',
    state   => [ 'RELATED', 'ESTABLISHED' ],
    iniface => $iniface,
  }

  # Only echo-request is accepted; other ICMP types fall through to
  # whatever the later/default policy decides.
  if $ping {
    firewall { '001 allow icmp ping':
      action  => 'accept',
      proto   => 'icmp',
      icmp    => 'echo-request',
      iniface => $iniface,
    }
  }

  # Loopback is trusted wholesale; note the interface is literally 'lo',
  # not `$iniface`.
  if $lo {
    firewall { '002 allow all to lo interface':
      action  => 'accept',
      proto   => 'all',
      iniface => 'lo',
    }
  }

  # SSH is reachable from any source address on `$iniface`; restricting
  # `source` is left to callers adding their own rules after this class.
  if $ssh_port {
    firewall { '010 allow ssh':
      action  => 'accept',
      proto   => 'tcp',
      dport   => $ssh_port,
      iniface => $iniface,
    }
  }
}