Puppet Class: firewalld::direct
- Defined in: manifests/direct.pp
Overview
Class: firewalld::direct
This defines a direct configuration; see the firewalld.direct(5) man page.
Parameters
- chains
  list of chains
  - ipv - string, mandatory. IP family where the chain will be created. Can be either “ipv4” or “ipv6”.
  - table - string, optional (defaults to ‘filter’). Name of the table where the chain will be created.
  - chain - string, mandatory. Name of the chain that will be created.
- rules
  list of rules
  - ipv - string, mandatory. IP family where the rule will be added. Can be either “ipv4” or “ipv6”.
  - table - string, optional (defaults to ‘filter’). Name of the table where the rule will be added.
  - chain - string, mandatory. Name of the chain where the rule will be added. If the chain name is a built-in chain, then the rule will be added to <chain>_direct, else the supplied chain name is used.
  - priority - string, optional (defaults to ‘0’). Used to order rules. Priority ‘0’ means add the rule on top of the chain; with a higher priority the rule will be added further down. Rules with the same priority are on the same level, and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher one for the following.
  - args - string, mandatory. iptables or ip6tables arguments.
- passthroughs
  list of passthroughs
  - ipv - string, mandatory. IP family where the rule will be added. Can be either “ipv4” or “ipv6”.
  - args - string, mandatory. iptables or ip6tables arguments.
Examples
class { 'firewalld::direct':
  chains => [
    { ipv => 'ipv4', table => 'filter', chain => 'mine', },
  ],
  rules  => [
    { ipv => 'ipv4', table => 'filter', chain => 'mine', priority => '1',
      args => "-j LOG --log-prefix 'my prefix'", },
    { ipv => 'ipv4', table => 'mangle', chain => 'PREROUTING',
      args => "-p udp --sport 53 -m u32 --u32 '0&0x0F000000=0x05000000 && 22&0xFFFF@16=0x01020304' -j DROP", },
  ],
}
# File 'manifests/direct.pp', line 74
class firewalld::direct(
  $chains = [],
  $rules = [],
  $passthroughs = [],
) {
  include firewalld::configuration
  file { '/etc/firewalld/direct.xml':
    content => template('firewalld/direct.xml.erb'),
    owner   => root,
    group   => root,
    mode    => '0644',
    require => Package['firewalld'],
    notify  => Service['firewalld'],
  }
}
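What the three parameter lists become in /etc/firewalld/direct.xml, as an added example in Ruby (not the module's firewalld/direct.xml.erb, which is not shown on this page): it applies the documented defaults and mandatory-field rules and XML-escapes args, since u32 expressions contain '&'. Element and attribute names follow firewalld.direct(5); the helper names and the ASCII-only check on args are assumptions of this example.

```ruby
require 'erb'

# Added example, not the module's firewalld/direct.xml.erb (not shown on this page).
# Element and attribute names follow firewalld.direct(5); helper names are hypothetical.
FAMILIES = %w[ipv4 ipv6].freeze

# Escape & < > " ' so iptables arguments cannot break the XML document.
def xml(value)
  ERB::Util.html_escape(value.to_s)
end

# Enforce the documented contract for one chain, rule or passthrough hash.
def check_entry!(kind, entry, mandatory)
  missing = mandatory.select { |k| entry[k].to_s.strip.empty? }
  raise ArgumentError, "#{kind}: missing #{missing.join(', ')}" unless missing.empty?
  raise ArgumentError, "#{kind}: ipv must be ipv4 or ipv6" unless FAMILIES.include?(entry['ipv'])
  # Assumption of this example: args are plain ASCII. Typographic dashes or quotes
  # copied from rendered documentation would otherwise reach iptables verbatim.
  return if entry['args'].nil? || entry['args'].ascii_only?
  raise ArgumentError, "#{kind}: non-ASCII character in args"
end

def render_direct_xml(chains: [], rules: [], passthroughs: [])
  out = ['<?xml version="1.0" encoding="utf-8"?>', '<direct>']
  chains.each do |c|
    check_entry!('chain', c, %w[ipv chain])
    out << format('  <chain ipv="%s" table="%s" chain="%s"/>',
                  xml(c['ipv']), xml(c.fetch('table', 'filter')), xml(c['chain']))
  end
  rules.each do |r|
    check_entry!('rule', r, %w[ipv chain args])
    out << format('  <rule ipv="%s" table="%s" chain="%s" priority="%s">%s</rule>',
                  xml(r['ipv']), xml(r.fetch('table', 'filter')), xml(r['chain']),
                  xml(r.fetch('priority', '0')), xml(r['args']))
  end
  passthroughs.each do |pt|
    check_entry!('passthrough', pt, %w[ipv args])
    out << format('  <passthrough ipv="%s">%s</passthrough>', xml(pt['ipv']), xml(pt['args']))
  end
  (out << '</direct>').join("\n") + "\n"
end

# Constructed input modelled on the class example on this page.
SAMPLE_XML = render_direct_xml(
  chains: [{ 'ipv' => 'ipv4', 'chain' => 'mine' }],
  rules: [{ 'ipv' => 'ipv4', 'table' => 'mangle', 'chain' => 'PREROUTING',
            'args' => "-p udp --sport 53 -m u32 --u32 '0&0x0F000000=0x05000000' -j DROP" }]
)
puts SAMPLE_XML
```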