Puppet Class: firewall::linux::debian

Inherits: ::firewall::params
Defined in: manifests/linux/debian.pp

Summary

Installs the `iptables-persistent` package for Debian-like systems. This allows rules to be saved to a file and restored on boot.

Overview

Parameters:

  • ensure (Any) (defaults to: running)

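    Ensure parameter passed onto Service[] resources. Valid options: ‘running’ or ‘stopped’. Defaults to ‘running’. Note that the class body listed on this page declares the service with `ensure => undef`, because it is not a real daemon, so this value does not change the service's running state here.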

  • enable (Any) (defaults to: true)

    Enable parameter passed onto Service[] resources. Defaults to ‘true’.

  • service_name (Any) (defaults to: $firewall::params::service_name)

    Specify the name of the IPv4 iptables service. Defaults defined in firewall::params.

  • package_name (Any) (defaults to: $firewall::params::package_name)

    Specify the platform-specific package(s) to install. Defaults defined in firewall::params.

  • package_ensure (Any) (defaults to: $firewall::params::package_ensure)

    Controls the state of the iptables package on your system. Valid options: ‘present’ or ‘latest’. Defaults to ‘latest’.



# File 'manifests/linux/debian.pp', line 21

class firewall::linux::debian (
  $ensure         = running,
  $enable         = true,
  $service_name   = $firewall::params::service_name,
  $package_name   = $firewall::params::package_name,
  $package_ensure = $firewall::params::package_ensure,
) inherits ::firewall::params {
  if $package_name {
    ensure_packages([$package_name], {
        ensure  => $package_ensure
    })
  }

  # This isn't a real service/daemon. The start action loads rules, so just
  # needs to be called on system boot.
  service { $service_name:
    ensure    => undef,
    enable    => $enable,
    hasstatus => true,
    require   => Package[$package_name],
  }
}