Resource Type: firewalld_zone

Defined in:
lib/puppet/type/firewalld_zone.rb
Providers:
firewall_cmd

Summary

Creates and manages firewalld zones.

Overview

Creates and manages firewalld zones.

Note that setting `ensure => 'absent'` on the built-in firewalld zones will not work and will generate an error. This is a limitation of firewalld itself, not the module.

Examples:

Create a zone called `restricted` allowing only `echo-request` ICMP types

firewalld_zone { 'restricted':
  ensure               => present,
  target               => '%%REJECT%%',
  interfaces           => [],
  sources              => [],
  purge_rich_rules     => true,
  purge_services       => true,
  purge_ports          => true,
  icmp_blocks          => 'echo-request',
  icmp_block_inversion => true,
}

Properties

  • ensure (defaults to: present)

    Manage the state of this type.

    Supported values:
    • present
    • absent
  • icmp_block_inversion (defaults to: false)

    Can be set to true or false; specifies whether icmp_block_inversion is set on the zone.

    Supported values:
    • true
    • false
  • icmp_blocks

    Specify the icmp-blocks for the zone. Can be a single string specifying one icmp type, or an array of strings specifying multiple icmp types. Any blocks not specified here will be removed.

  • interfaces

    Specify the interfaces for the zone

  • masquerade

    Can be set to true or false; specifies whether to add or remove masquerading from the zone.

    Supported values:
    • true
    • false
  • protocols

    Specify the protocols for the zone

  • purge_ports

    When set to true any ports associated with this zone that are not managed by Puppet will be removed.

    Supported values:
    • false
    • true
  • purge_rich_rules

    When set to true any rich_rules associated with this zone that are not managed by Puppet will be removed.

    Supported values:
    • false
    • true
  • purge_services

    When set to true any services associated with this zone that are not managed by Puppet will be removed.

    Supported values:
    • false
    • true
  • sources

    Specify the sources for the zone

  • target

    Specify the target for the zone
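
The purge_* properties remove anything on the zone that Puppet does not manage, so every service or port that must stay reachable has to be declared as its own resource. The manifest below is an added example, not taken from the module's documentation; the zone name, source subnet and port are constructed, and `firewalld_service` and `firewalld_port` are companion types from the same module that this page does not document.

```puppet
# Added example: zone name, subnet and port are constructed for illustration.
firewalld_zone { 'mgmt':
  ensure           => present,
  target           => '%%REJECT%%',
  # Constructed admin subnet (192.0.2.0/24 is a documentation range).
  sources          => ['192.0.2.0/24'],
  # Anything added to the zone outside Puppet (for example with
  # firewall-cmd by hand) is removed on the next run.
  purge_services   => true,
  purge_ports      => true,
  purge_rich_rules => true,
}

# With purge_services enabled, SSH stays open only because it is
# declared here. Omitting this resource would close SSH on the zone.
firewalld_service { 'Allow SSH in the mgmt zone':
  ensure  => present,
  service => 'ssh',
  zone    => 'mgmt',
}

# Same for ports: with purge_ports enabled, only declared ports survive.
firewalld_port { 'Allow metrics port in the mgmt zone':
  ensure   => present,
  zone     => 'mgmt',
  port     => 9100,
  protocol => 'tcp',
}
```

Running the agent with `--noop` first shows which unmanaged services, ports and rich rules a purge would remove before anything is changed.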

Parameters

  • description

    Description of the zone to add

  • name (namevar)

    Name of the rule resource in Puppet

  • provider

    The specific backend to use for this `firewalld_zone` resource. You will seldom need to specify this; Puppet will usually discover the appropriate provider for your platform.

  • short

    Short description of the zone to add

  • zone

    Name of the zone