Puppet Class: firewalld::configuration
Defined in: manifests/configuration.pp
Overview
Class: firewalld::configuration
This class configures firewalld.
Parameters
All parameters are strings.
- default_zone: Default zone.
- minimal_mark: Marks up to this minimum are free for use.
- cleanup_on_exit: If set to no or false, the firewall configuration will not be cleaned up when firewalld exits or stops.
- lockdown: If set to enabled, firewall changes made through the D-Bus interface are limited to applications listed in the lockdown whitelist.
- IPv6_rpfilter: Performs a reverse path filter test on a packet for IPv6. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted; otherwise it is dropped.
Examples
class {'firewalld::configuration':
  default_zone => 'custom',
}
# File 'manifests/configuration.pp', line 47
class firewalld::configuration (
  $default_zone    = 'public',
  $minimal_mark    = '100',
  $cleanup_on_exit = 'yes',
  $lockdown        = 'no',
  $IPv6_rpfilter   = 'yes'
) {
  include firewalld

  file { '/etc/firewalld/':
    ensure   => directory,            # make sure this is a directory
    #recurse => true,                 # recursively manage directory
    #purge   => true,                 # purge all unmanaged files
    #force   => true,                 # also purge subdirs and links
    owner    => root,
    group    => root,
    mode     => '0750',
    require  => Package['firewalld'], # make sure package is installed
    notify   => Service['firewalld'], # restart service
  }

  file { '/etc/firewalld/firewalld.conf':
    ensure  => file,
    content => template('firewalld/firewalld.conf.erb'),
    owner   => root,
    group   => root,
    mode    => '0640',
    require => Package['firewalld'], # make sure package is installed
    notify  => Service['firewalld'], # restart service
  }
}
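An added example, not part of the firewalld module: a Python check that compares the text of a rendered firewalld.conf with the values declared for this class and with the 0640 mode set in the manifest. It assumes the template writes the standard firewalld.conf keys (DefaultZone, MinimalMark, CleanupOnExit, Lockdown, IPv6_rpfilter); the function names and the sample file are constructed for illustration.

```python
import stat
# Page parameter -> firewalld.conf key (assumed template mapping, not shown on the page).
PARAM_TO_KEY = {
    "default_zone": "DefaultZone",
    "minimal_mark": "MinimalMark",
    "cleanup_on_exit": "CleanupOnExit",
    "lockdown": "Lockdown",
    "IPv6_rpfilter": "IPv6_rpfilter",
}

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments; the last value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def find_drift(conf_text, declared, file_mode=None, expected_mode=0o640):
    """List differences between the file on disk and the declared class parameters."""
    actual = parse_conf(conf_text)
    drift = []
    for param, want in declared.items():
        key = PARAM_TO_KEY[param]
        got = actual.get(key)
        if got is None:
            drift.append(f"{key}: missing (expected {want})")
        elif got != want:
            drift.append(f"{key}: {got} (expected {want})")
    if file_mode is not None and stat.S_IMODE(file_mode) != expected_mode:
        drift.append(f"mode: {stat.S_IMODE(file_mode):04o} (expected {expected_mode:04o})")
    return drift

# Constructed sample: Lockdown switched off by hand, mode loosened to 0644.
SAMPLE_CONF = """\
# firewalld config file (constructed sample)
DefaultZone=custom
MinimalMark=100
CleanupOnExit=yes
Lockdown=no
IPv6_rpfilter=yes
"""
DECLARED = {"default_zone": "custom", "minimal_mark": "100",
            "cleanup_on_exit": "yes", "lockdown": "yes", "IPv6_rpfilter": "yes"}
if __name__ == "__main__":
    print("\n".join(find_drift(SAMPLE_CONF, DECLARED, file_mode=0o100644)))
```

On a managed host, pass the contents of /etc/firewalld/firewalld.conf as conf_text and `os.stat(path).st_mode` as file_mode.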