Puppet Class: firewall::linux

Inherits:
::firewall::params
Defined in:
manifests/linux.pp

Summary

Main linux class, includes all other classes

Overview

Parameters:

  • ensure (Any) (defaults to: running)

    Controls the state of the ipv4 iptables service on your system. Valid options: ‘running’ or ‘stopped’. Defaults to ‘running’.

  • ensure_v6 (Any) (defaults to: undef)

    Controls the state of the ipv6 iptables service on your system. Valid options: ‘running’ or ‘stopped’. The declared default is undef, in which case the class falls back to the value of ensure (‘running’ unless overridden).

  • pkg_ensure (Any) (defaults to: installed)

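    Controls the state of the iptables package on your system. Valid options: ‘installed’ or ‘latest’. The class signature sets the default to ‘installed’; with ‘latest’ the package is upgraded whenever a newer version becomes available.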

  • service_name (Any) (defaults to: $firewall::params::service_name)

    Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.

  • service_name_v6 (Any) (defaults to: $firewall::params::service_name_v6)

    Specify the name of the IPv6 iptables service. Defaults defined in firewall::params.

  • package_name (Any) (defaults to: $firewall::params::package_name)

    Specify the platform-specific package(s) to install. Defaults defined in firewall::params.

  • ebtables_manage (Any) (defaults to: false)

    Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.

  • iptables_name (Any) (defaults to: $firewall::params::iptables_name)

    Specify the name passed to the iptables package resource. Defaults defined in firewall::params.


# File 'manifests/linux.pp', line 26

class firewall::linux (
  $ensure          = running,
  $ensure_v6       = undef,
  $pkg_ensure      = installed,
  $service_name    = $firewall::params::service_name,
  $service_name_v6 = $firewall::params::service_name_v6,
  $package_name    = $firewall::params::package_name,
  $ebtables_manage = false,
  $iptables_name   = $firewall::params::iptables_name,
) inherits ::firewall::params {
  # Installs the iptables package (optionally ebtables) and declares the
  # OS-specific class that matches the operatingsystem fact.
  # NOTE(review): the parameters carry no data types, so a value is only
  # checked where the code below happens to use it.

  # Translate the requested service state into the boolean handed on as
  # `enable`. The selector has no default entry: a value other than
  # 'running' or 'stopped' matches nothing, which Puppet reports as a
  # compilation error instead of silently choosing a state.
  $enable = $ensure ? {
    'running' => true,
    'stopped' => false,
  }

  # pick() (stdlib) returns its first argument that is neither undef nor an
  # empty string, so the IPv6 state follows $ensure unless $ensure_v6 is set.
  $_ensure_v6 = pick($ensure_v6, $ensure)

  # Same mapping and same failure mode as $enable, applied to the IPv6 state.
  $_enable_v6 = $_ensure_v6 ? {
    'running' => true,
    'stopped' => false,
  }

  # The resource title is fixed so the OS classes can `require` it; the
  # package actually installed is named by $iptables_name.
  # $pkg_ensure is passed through unchanged; 'latest' lets the package be
  # upgraded whenever a newer version is available.
  package { 'iptables':
    ensure => $pkg_ensure,
    name   => $iptables_name,
  }

  # ebtables is opt-in and shares $pkg_ensure with the iptables package.
  if $ebtables_manage {
    package { 'ebtables':
      ensure => $pkg_ensure,
    }
  }

  # In a class, $title is the class name, so "${title}::redhat" names
  # firewall::linux::redhat, and likewise for the other branches.
  case $::operatingsystem {
    # RedHat family: the only branch that receives the IPv6 state, enable
    # flag and service name.
    'RedHat', 'CentOS', 'Fedora', 'Scientific', 'SL', 'SLC', 'Ascendos',
    'CloudLinux', 'PSBM', 'OracleLinux', 'OVS', 'OEL', 'Amazon', 'XenServer',
    'VirtuozzoLinux', 'Rocky', 'AlmaLinux': {
      class { "${title}::redhat":
        ensure          => $ensure,
        ensure_v6       => $_ensure_v6,
        enable          => $enable,
        enable_v6       => $_enable_v6,
        package_name    => $package_name,
        service_name    => $service_name,
        service_name_v6 => $service_name_v6,
        require         => Package['iptables'],
      }
    }
    # Debian, Arch and Gentoo are given only $ensure/$enable and the IPv4
    # service name; $_ensure_v6, $_enable_v6 and $service_name_v6 are not
    # forwarded here.
    # NOTE(review): how IPv6 is handled on these platforms is decided in the
    # OS classes, which are not visible here -- confirm.
    'Debian', 'Ubuntu': {
      class { "${title}::debian":
        ensure       => $ensure,
        enable       => $enable,
        package_name => $package_name,
        service_name => $service_name,
        require      => Package['iptables'],
      }
    }
    'Archlinux': {
      class { "${title}::archlinux":
        ensure       => $ensure,
        enable       => $enable,
        package_name => $package_name,
        service_name => $service_name,
        require      => Package['iptables'],
      }
    }
    'Gentoo': {
      class { "${title}::gentoo":
        ensure       => $ensure,
        enable       => $enable,
        package_name => $package_name,
        service_name => $service_name,
        require      => Package['iptables'],
      }
    }
    # Any other operatingsystem value: no OS-specific class is declared, so
    # this class manages only the package resource(s) above and compilation
    # succeeds without an error or warning.
    # NOTE(review): confirm that leaving the firewall service unmanaged on
    # unlisted platforms is intended.
    default: {}
  }
}