Puppet Class: ufw

Defined in:
manifests/init.pp

Overview

Installs, configures and enables UFW

Parameters:

  • ipv6 (Boolean) (defaults to: true)


# File 'manifests/init.pp', line 2

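# Installs the ufw package, sets the default policy to deny, enables the
# firewall and manages the IPV6 setting in /etc/default/ufw.
#
# This class declares no allow rules of its own. 'ufw --force enable' skips
# ufw's interactive confirmation, so any rule needed for remote management
# (for example SSH) must already be provided elsewhere before this class is
# applied; otherwise new inbound connections to the node are dropped.
#
# The file_line resource comes from outside this class (presumably
# puppetlabs-stdlib -- confirm against the module's metadata).
#
# @param ipv6
#   Written to /etc/default/ufw as IPV6=yes (true, the default) or
#   IPV6=no (false).
class ufw (

  Boolean $ipv6 = true

) {

  # Line written to /etc/default/ufw for the IPV6 setting
  $_ipv6 = $ipv6 ? {
    false   => 'IPV6=no',
    default => 'IPV6=yes'
  }

  # Install package
  package { 'ufw':
    ensure => 'installed',
  }

  # Default policy: deny. The 'unless' guard checks the incoming policy, so
  # the command is only re-run while that policy is not yet reported as deny.
  exec { 'ufw-deny':
    command => 'ufw default deny',
    unless  => 'ufw status verbose | grep -q "Default: deny (incoming)"',
    path    => '/bin:/usr/bin:/sbin:/usr/sbin',
    require => Package['ufw'],
  }

  # Enable UFW. The explicit dependency on Exec['ufw-deny'] guarantees the
  # deny policy is set before the firewall becomes active, instead of relying
  # on manifest order (which depends on the agent's 'ordering' setting).
  exec { 'ufw-enable':
    command => 'ufw --force enable',
    unless  => 'ufw status | grep -q "Status: active"',
    path    => '/bin:/usr/bin:/sbin:/usr/sbin',
    require => [Package['ufw'], Exec['ufw-deny']],
  }

  # Define service
  service { 'ufw':
    ensure  => 'running',
    enable  => true,
    require => Package['ufw'],
  }

  # Set IPV6=yes or IPV6=no according to $ipv6 (this does not only disable
  # IPv6). Applied before the firewall is enabled so that the first enable
  # presumably already uses the requested value -- NOTE(review): confirm on
  # the target ufw version. A change still refreshes the service.
  file_line { 'ufw-ipv6':
    line    => $_ipv6,
    match   => '^IPV6=',
    path    => '/etc/default/ufw',
    notify  => Service['ufw'],
    require => Package['ufw'],
    before  => Exec['ufw-enable'],
  }

}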