Defined Type: firewalld::service

Defined in:
manifests/service.pp

Overview

Define: firewalld::service

This defines a firewalld service configuration. You usually don't need it; you can simply add ports to a zone (firewalld::zone). The result is a /etc/firewalld/services/$name.xml file, where $name is the name of the resource. See also the firewalld.service(5) man page.

Parameters

short

short readable name

description

long description of service

ports

list of ports to open

ports => [{
  port     => mandatory, string, e.g. '1234'
  protocol => mandatory, string, e.g. 'tcp' },…]

modules

list of kernel netfilter helpers to load

destination

specifies destination network as a network IP address (optional with /mask), or a plain IP address.

destination => {
  ipv4 => string, mandatory to specify ipv4 and/or ipv6
  ipv6 => string, mandatory to specify ipv4 and/or ipv6 }

Examples

firewalld::service { 'dummy':
  description => 'My dummy service',
  ports       => [{ port => '1234', protocol => 'tcp' }],
  modules     => ['some_module_to_load'],
  destination => { ipv4 => '224.0.0.251', ipv6 => 'ff02::fb' },
}

Parameters:

  • short (Any) (defaults to: '')
  • description (Any) (defaults to: '')
  • ports (Any) (defaults to: [])
  • modules (Any) (defaults to: [])
  • destination (Any) (defaults to: {})


# File 'manifests/service.pp', line 69

define firewalld::service(
	$short = '',
	$description = '',
	$ports = [],
	$modules = [],
	$destination = {},
) {

	include firewalld::service::base
	include firewalld::configuration

	file { "/etc/firewalld/services/${name}.xml":
		content	=> template('firewalld/service.xml.erb'),
		owner	=> root,
		group	=> root,
		mode	=> '0644',
		require	=> Package['firewalld'],
		notify	=> Service['firewalld'],
	}
}
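
All five parameters are typed Any and the resource name is interpolated directly into the file path, so nothing is checked before the template renders the XML. The wrapper below is an added example, not part of the firewalld module: it validates the input first. It assumes Puppet 4 or later; the name profile::firewalld_service, the tcp/udp-only policy, and the sample 'mdns-custom' service are hypothetical.

```puppet
# Added example: hypothetical wrapper, not part of the firewalld module.
# Assumes Puppet 4 or later (data types) and a site policy of tcp/udp only.
define profile::firewalld_service (
  # Each entry must carry both mandatory keys; port is a number or a range.
  Array[Struct[{
    'port'     => Pattern[/\A\d{1,5}(-\d{1,5})?\z/],
    'protocol' => Enum['tcp', 'udp'],
  }]] $ports = [],
  String $short       = '',
  String $description = '',
  # Helper names are restricted to plain module-style identifiers.
  Array[Pattern[/\A[A-Za-z0-9_-]+\z/]] $modules = [],
  # Only ipv4/ipv6 keys are accepted; unknown keys fail catalog compilation.
  Struct[{
    Optional['ipv4'] => String[1],
    Optional['ipv6'] => String[1],
  }] $destination = {},
) {
  # $name becomes part of /etc/firewalld/services/${name}.xml, so reject
  # anything that is not a simple file-name component.
  if $title !~ /\A[A-Za-z0-9_-]+\z/ {
    fail("firewalld service name '${title}' must match [A-Za-z0-9_-]+")
  }

  firewalld::service { $title:
    short       => $short,
    description => $description,
    ports       => $ports,
    modules     => $modules,
    destination => $destination,
  }
}

# Constructed sample: passes validation and results in
# /etc/firewalld/services/mdns-custom.xml.
profile::firewalld_service { 'mdns-custom':
  short       => 'mDNS (custom)',
  description => 'Multicast DNS limited to the link-local groups',
  ports       => [{ port => '5353', protocol => 'udp' }],
  destination => { ipv4 => '224.0.0.251', ipv6 => 'ff02::fb' },
}
```

A port entry missing its protocol key, an unknown key in destination, or a title containing a path separator stops catalog compilation before any file under /etc/firewalld/services is written.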