Puppet Class: firewalld::configuration

Defined in:
manifests/configuration.pp

Overview

Class: firewalld::configuration

This class configures firewalld. Result is /etc/firewalld/firewalld.conf file. See also firewalld.conf(5) man page. You don’t need to use this if you are happy with default configuration.

Parameters

All parameters are strings.

default_zone

Default zone. Default value is ‘public’.

minimal_mark

Marks up to this minimum are free for use. Default value is ‘100’.

cleanup_on_exit

If set to ‘no’ or ‘false’ the firewall configuration will not get cleaned up on exit or stop of firewalld. Default is ‘yes’.

lockdown

If set to ‘yes’, firewall changes with the D-Bus interface will be limited to applications that are listed in the lockdown whitelist. Default is ‘no’

IPv6_rpfilter

Performs a reverse path filter test on a packet for IPv6. If a reply to the packet would be sent via the same interface that the packet arrived on, the packet will match and be accepted, otherwise dropped. Default is ‘yes’.

Examples

class {'firewalld::configuration':
  default_zone    =>      'custom',}

Parameters:

  • default_zone (Any) (defaults to: 'public')
  • minimal_mark (Any) (defaults to: '100')
  • cleanup_on_exit (Any) (defaults to: 'yes')
  • lockdown (Any) (defaults to: 'no')
  • IPv6_rpfilter (Any) (defaults to: 'yes') 


51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
 
# File 'manifests/configuration.pp', line 51

class firewalld::configuration (
	$default_zone		= 'public',
	$minimal_mark		= '100',
	$cleanup_on_exit	= 'yes',
	$lockdown		= 'no',
	$IPv6_rpfilter		= 'yes'
) {
	include firewalld

	file { '/etc/firewalld/':
		ensure	=> directory,		# make sure this is a directory
		#recurse	=> true,		# recursively manage directory
		#purge	=> true,		# purge all unmanaged files
		#force	=> true,		# also purge subdirs and links
		owner	=> root,
		group	=> root,
		mode	=> '0750',
		require	=> Package['firewalld'], # make sure package is installed
		notify	=> Service['firewalld'], # restart service
	}

	file { '/etc/firewalld/firewalld.conf':
		ensure	=> file,
		content	=> template('firewalld/firewalld.conf.erb'),
		owner	=> root,
		group	=> root,
		mode	=> '0640',
		require	=> Package['firewalld'], # make sure package is installed
		notify	=> Service['firewalld'], # restart service
	}
}