Resource Type: firewalld_rich_rule

Defined in:: lib/puppet/type/firewalld_rich_rule.rb

Providers:: firewall_cmd

Overview

Manages firewalld rich rules.

firewalld_rich_rules will autorequire the firewalld_zone specified in the zone parameter or the firewalld_policy specified in the policy parameter so there is no need to add dependencies for this

Example:

firewalld_rich_rule { 'Accept SSH from barny':
  ensure => present,
  zone   => 'restricted',
  source => '192.168.1.2/32',
  service => 'ssh',
  action  => 'accept',
}

Properties

ensure (defaults to: present)

Manage the state of this type.
Supported values:
- present
- absent

Parameters

action

Specify the action fo this rule
audit

doc
dest

Specify destination address, this can be a string of the IP address or a hash containing other options
family (defaults to: ipv4)

IP family, one of ipv4, ipv6 or eb, defauts to ipv4
Supported values:
- ipv4
- ipv6
- eb
forward_port

Specify the element as forward-port
icmp_block

Specify the element as an icmp-block
icmp_type

Specify the element as an icmp-type
log

doc
masquerade

Specify the element as masquerade
name (namevar)

Name of the rule resource in Puppet
policy (defaults to: unset)

Name of the policy to attach the rich rule to, exactly one of zone and policy must be supplied
port

Specify the element as a port
priority

Rule priority, it can be in the range of -32768 to 32767
protocol

Specify the element as a protocol
provider

The specific backend to use for this ‘firewalld_rich_rule` resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.
raw_rule

Manage the entire rule as one string - this is used internally by firwalld_zone and firewalld_policy to handle pruning of rules
service

Specify the element as a service
source

Specify source address, this can be a string of the IP address or a hash containing other options
zone (defaults to: unset)

Name of the zone to attach the rich rule to, exactly one of zone and policy must be supplied