Resource Type: firewalld_zone

Defined in:
lib/puppet/type/firewalld_zone.rb
Providers:
firewall_cmd

Overview

Creates and manages firewalld zones. Note that setting ensure => 'absent' on the built-in firewalld zones will not work and will generate an error. This is a limitation of firewalld itself, not the module.

Example:

firewalld_zone { 'restricted':
  ensure           => present,
  target           => '%%REJECT%%',
  interfaces       => [],
  sources          => [],
  purge_rich_rules => true,
  purge_services   => true,
  purge_ports      => true,
  icmp_blocks      => 'router-advertisement'
}

Properties

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent
  • icmp_blocks

    Specify the icmp-blocks for the zone. Can be a single string specifying one icmp type, or an array of strings specifying multiple icmp types. Any blocks not specified here will be removed.

  • interfaces

    Specify the interfaces for the zone

  • purge_ports

    When set to true any ports associated with this zone that are not managed by Puppet will be removed.

    Supported values:
    • false
    • true
  • purge_rich_rules

    When set to true any rich_rules associated with this zone that are not managed by Puppet will be removed.

    Supported values:
    • false
    • true
  • purge_services

    When set to true any services associated with this zone that are not managed by Puppet will be removed.

    Supported values:
    • false
    • true
  • sources

    Specify the sources for the zone

  • target

    Specify the target for the zone
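
The manifest below is an added example, not taken from the module's own documentation. It shows a zone whose contents are fully owned by Puppet: with the three purge properties set to true, only the service and port declared here survive a Puppet run, and icmp_blocks is given in its array form. It assumes the module's companion types firewalld_service and firewalld_port, which this page does not describe; the zone name, source range and port number are constructed for illustration.

```puppet
# Constructed example: 'mgmt', 192.0.2.0/24 and port 9100 are placeholders.
firewalld_zone { 'mgmt':
  ensure           => present,
  target           => '%%REJECT%%',            # reject anything not explicitly allowed
  sources          => ['192.0.2.0/24'],        # documentation range (RFC 5737)
  icmp_blocks      => ['router-advertisement', 'redirect'],
  purge_rich_rules => true,                    # remove rich rules not declared in Puppet
  purge_services   => true,                    # remove services not declared in Puppet
  purge_ports      => true,                    # remove ports not declared in Puppet
}

# The only service allowed in the zone. Because purge_services is true,
# any other service attached to 'mgmt' outside Puppet is removed.
firewalld_service { 'mgmt: allow ssh':
  ensure  => present,
  service => 'ssh',
  zone    => 'mgmt',
}

# The only port allowed in the zone. Because purge_ports is true,
# any other port opened in 'mgmt' outside Puppet is removed.
firewalld_port { 'mgmt: allow metrics':
  ensure   => present,
  zone     => 'mgmt',
  port     => 9100,
  protocol => 'tcp',
}
```

No rich rules are declared for the zone, so with purge_rich_rules set to true every rich rule found on it is removed.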

Parameters

  • name (namevar)

    Name of the rule resource in Puppet

  • provider

    The specific backend to use for this `firewalld_zone` resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

  • zone

    Name of the zone