Resource Type: firewalld_rich_rule

Defined in:
lib/puppet/type/firewalld_rich_rule.rb
Providers:
firewall_cmd

Overview

Manages firewalld rich rules.

firewalld_rich_rule resources autorequire the firewalld_zone specified in the zone parameter, so there is no need to declare that dependency explicitly.

Example:

firewalld_rich_rule { 'Accept SSH from barny':
  ensure  => present,
  zone    => 'restricted',
  source  => '192.168.1.2/32',
  service => 'ssh',
  action  => 'accept',
}

Properties

  • ensure (defaults to: present)

    The basic property that the resource should be in.

    Supported values:
    • present
    • absent

Parameters

  • action
  • audit

    doc

  • dest

    Specify the destination address. This can be a string of the IP address or a hash containing other options.

  • family (defaults to: ipv4)

    IP family, one of ipv4 or ipv6; defaults to ipv4.

    Supported values:
    • ipv4
    • ipv6
  • forward_port

    Specify the element as forward-port

  • icmp_block

    Specify the element as an icmp-block

  • icmp_type

    Specify the element as an icmp-type

  • log

    doc

  • masquerade

    Specify the element as masquerade

  • name (namevar)

    Name of the rule resource in Puppet

  • port

    Specify the element as a port

  • protocol

    Specify the element as a protocol

  • provider

    The specific backend to use for this 'firewalld_rich_rule' resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

  • raw_rule

    Manage the entire rule as one string. This is used internally by firewalld_zone to handle pruning of rules.

  • service

    Specify the element as a service

  • source

    Specify the source address. This can be a string of the IP address or a hash containing other options.

  • zone

    Name of the zone
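
The following manifest is an added example, not taken from the module's own documentation. It shows a default-reject zone with two narrowly scoped allow rules and the retirement of the rule from the example above, relying on the autorequire described in the overview. The zone's target value, the hash keys used for log and port, and all addresses and rule titles are assumptions or constructed values that this page does not document; check them against the module version in use.

```puppet
# Added example. Addresses, zone name and rule titles are constructed.

# Zone that rejects anything not explicitly allowed.
# Assumption: firewalld_zone accepts a 'target' parameter with this value.
firewalld_zone { 'restricted':
  ensure => present,
  target => '%%REJECT%%',
}

# String form of source with a service element.
# No explicit 'require' is needed: the rule autorequires
# Firewalld_zone['restricted'] through its zone parameter.
firewalld_rich_rule { 'Accept SSH from admin subnet':
  ensure  => present,
  zone    => 'restricted',
  family  => 'ipv4',
  source  => '192.168.1.0/24',
  service => 'ssh',
  # Assumption: log takes a hash with 'level' and 'prefix' keys.
  log     => { 'level' => 'info', 'prefix' => 'ssh-admin ' },
  action  => 'accept',
}

# Port element instead of a named service, limited to one host.
firewalld_rich_rule { 'Accept HTTPS from load balancer':
  ensure => present,
  zone   => 'restricted',
  source => '192.168.1.10/32',
  # Assumption: port takes a hash with 'port' and 'protocol' keys.
  port   => { 'port' => 443, 'protocol' => 'tcp' },
  action => 'accept',
}

# Retire the single-host rule from the earlier example. The elements are
# repeated unchanged so the resource describes the same rule.
firewalld_rich_rule { 'Accept SSH from barny':
  ensure  => absent,
  zone    => 'restricted',
  source  => '192.168.1.2/32',
  service => 'ssh',
  action  => 'accept',
}
```

After a Puppet run, `firewall-cmd --zone=restricted --list-rich-rules` on the node shows the rules firewalld actually holds for the zone, which is the quickest way to confirm the rendered rule matches the intent.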