Resource Type: firewalld_ipset

Overview

Configure IPsets in Firewalld

Example:

firewalld_ipset {'internal net':
    ensure   => 'present',
    type     => 'hash:net',
    family   => 'inet',
    entries  => ['192.168.0.0/24']
}

Properties

ensure (defaults to: present)

Manage the state of this type.
Supported values:
- present
- absent
entries

Array of ipset entries
family

Protocol family of the IPSet
Supported values:
- inet6
- inet
hashsize

Initial hash size of the IPSet
maxelem

Maximal number of elements that can be stored in the set
Supported values:
- %r{^[1-9]\d*$}
timeout

Timeout in seconds before entries expiry. 0 means entry is permanent
Supported values:
- %r{^\d+$}

Parameters

manage_entries (defaults to: true)

Should we manage entries in this ipset or leave another process manage those entries
Supported values:
- true
- false
- yes
- no
name (namevar)

Name of the IPset
options

Hash of options for the IPset, eg { ‘family’ => ‘inet6’ }
provider

The specific backend to use for this ‘firewalld_ipset` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.
type (defaults to: hash:ip)

Type of the ipset (default: hash:ip)
Supported values:
- bitmap:ip
- bitmap:ip,mac
- bitmap:port
- hash:ip
- hash:ip,mark
- hash:ip,port
- hash:ip,port,ip
- hash:ip,port,net
- hash:mac
- hash:net
- hash:net,iface
- hash:net,net
- hash:net,port
- hash:net,port,net
- list:set