Puppet Class: cis_security_hardening::rules::firewalld_service

Defined in:
manifests/rules/firewalld_service.pp

Summary

Ensure firewalld service is enabled and running

Overview

Ensure that the firewalld service is enabled to protect your system.

Rationale: The firewalld (Dynamic Firewall Manager) tool provides a dynamically managed firewall. It uses network/firewall zones to define the trust level of network connections and/or interfaces. It supports both IPv4 and IPv6 firewall settings. It also supports Ethernet bridges and lets you keep runtime and permanent configuration options separate. Finally, it provides an interface for services or applications to add firewall rules directly.

Examples:

class { 'cis_security_hardening::rules::firewalld_service':
    enforce => true,
}

Parameters:

  • enforce (Boolean) (defaults to: false)

    Enforce the rule



# File 'manifests/rules/firewalld_service.pp', line 21

class cis_security_hardening::rules::firewalld_service (
  Boolean $enforce = false,
) {
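  if $enforce {
    # Only manage the service when nothing else in the catalog already does:
    # neither a Service['firewalld'] resource nor a 'firewall' class.
    # Note: defined() only sees what was declared earlier in evaluation order.
    if (!defined(Service['firewalld'])) and
    (!defined(Class['firewall'])) {
      ensure_resource('service', ['firewalld'], {
          ensure => running,
          enable => true,
      })
    }
  }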
}
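
To confirm on a host that the state this class manages (`ensure => running`, `enable => true`) is actually in place, the following audit check can be used; it is an added example, not part of the module, and the function names `firewalld_verdict` and `audit_firewalld` are hypothetical. The sample states at the end are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example: audit the state this rule enforces (enabled at boot + running).

# Map the state words printed by `systemctl is-enabled` and
# `systemctl is-active` to a verdict. Kept separate from the systemctl calls
# so it can be exercised with constructed input on hosts without systemd.
firewalld_verdict() {
  enabled_state=$1
  active_state=$2
  case "$enabled_state" in
    enabled) ;;
    masked|masked-runtime)
      echo "FAIL: unit is masked ($enabled_state), it cannot be started"; return 1 ;;
    enabled-runtime)
      echo "FAIL: enabled for this boot only, not persistent"; return 1 ;;
    not-found|'')
      echo "FAIL: firewalld unit not installed"; return 1 ;;
    *)
      echo "FAIL: not enabled at boot ($enabled_state)"; return 1 ;;
  esac
  case "$active_state" in
    active) echo "PASS: firewalld is enabled and running"; return 0 ;;
    *) echo "FAIL: enabled but not running ($active_state)"; return 1 ;;
  esac
}

# Query the live host. systemctl exits non-zero for disabled or inactive
# units, so its exit status is ignored and only the printed word is used.
audit_firewalld() {
  if ! command -v systemctl >/dev/null 2>&1; then
    echo "SKIP: systemctl not available"; return 2
  fi
  enabled_state=$(systemctl is-enabled firewalld.service 2>/dev/null || true)
  active_state=$(systemctl is-active firewalld.service 2>/dev/null || true)
  firewalld_verdict "$enabled_state" "$active_state"
}

# Constructed sample states (not from a real host).
firewalld_verdict enabled active || true
firewalld_verdict masked inactive || true
firewalld_verdict enabled failed || true
```

Run `audit_firewalld` on the managed node after a Puppet run; a FAIL on a node where `enforce => true` is set suggests the class skipped the service because `Service['firewalld']` or `Class['firewall']` was already declared.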