Resource Type: firewalld_policy

Defined in:
lib/puppet/type/firewalld_policy.rb
Providers:
firewall_cmd

Summary

Creates and manages firewalld policies.

Overview

Note that setting `ensure => 'absent'` on the built-in firewalld policies will not work and will generate an error. This is a limitation of firewalld itself, not the module.

Examples:

Create a policy called `anytorestricted`:

firewalld_policy { 'anytorestricted':
  ensure           => present,
  target           => '%%REJECT%%',
  ingress_zones    => ['ANY'],
  egress_zones     => ['restricted'],
  purge_rich_rules => true,
  purge_services   => true,
  purge_ports      => true,
  icmp_blocks      => 'router-advertisement'
}

Properties

  • egress_zones

    Specify the egress zones for the policy as an array of strings

  • ensure (defaults to: present)

    Manage the state of this type.

    Supported values:
    • present
    • absent
  • icmp_blocks

    Specify the icmp-blocks for the policy. Can be a single string specifying one icmp type, or an array of strings specifying multiple icmp types. Any blocks not specified here will be removed.

  • ingress_zones

    Specify the ingress zones for the policy as an array of strings

  • masquerade

    Can be set to true or false. Specifies whether to add or remove masquerading from the policy.

    Supported values:
    • true
    • false
  • priority (defaults to: -1)

    The priority of the policy as an integer (default -1)

  • purge_ports

    When set to true any ports associated with this policy that are not managed by Puppet will be removed.

    Supported values:
    • false
    • true
  • purge_rich_rules

    When set to true any rich_rules associated with this policy that are not managed by Puppet will be removed.

    Supported values:
    • false
    • true
  • purge_services

    When set to true any services associated with this policy that are not managed by Puppet will be removed.

    Supported values:
    • false
    • true
  • target

    Specify the target for the policy
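
Added example, not part of the module or its documentation: with purge_ports or purge_services set to true, entries that Puppet does not manage are removed, so it helps to see which entries those are before enabling a purge. The script below reports them from `firewall-cmd --permanent --info-policy=<policy>` output; the function names are hypothetical and the sample output is constructed, with its field layout assumed.

```shell
#!/bin/sh
# List ports or services on a firewalld policy that are not in the
# declared (Puppet-managed) set, i.e. what a purge_* setting would remove.

# Constructed sample of `firewall-cmd --permanent --info-policy=anytorestricted`
# output. The field layout is an assumption; compare it with your firewalld.
sample_info() {
cat <<'EOF'
anytorestricted
  priority: -1
  target: REJECT
  ingress-zones: ANY
  egress-zones: restricted
  services: ssh
  ports: 8080/tcp 9100/tcp
  source-ports: 
  icmp-blocks: router-advertisement
EOF
}

# field_values FIELD
# Reads info-policy output on stdin and prints the values of FIELD,
# one per line. The match is exact, so "ports" does not match "source-ports".
field_values() {
  awk -v f="$1:" '$1 == f { for (i = 2; i <= NF; i++) print $i }'
}

# unmanaged FIELD [DECLARED...]
# Reads info-policy output on stdin and prints every value of FIELD that
# is not among the DECLARED values. Runs in a subshell to keep variables local.
unmanaged() (
  field=$1
  shift
  declared=" $* "
  field_values "$field" | while read -r v; do
    case "$declared" in
      *" $v "*) ;;          # declared in Puppet, would be kept
      *) echo "$v" ;;       # not declared, would be purged
    esac
  done
)

# Against the constructed sample: Puppet declares only 8080/tcp.
sample_info | unmanaged ports 8080/tcp
```

On a managed host, replace `sample_info` with the real `firewall-cmd --permanent --info-policy=anytorestricted` call. Rich rules are left out because their values span multiple words.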

Parameters

  • description

    Description of the policy to add

  • name (namevar)

    Name of the rule resource in Puppet

  • policy

    Name of the policy

  • provider

    The specific backend to use for this `firewalld_policy` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

  • short

    Short description of the policy to add