Puppet Forge

Module bobsh/iptables

Module description

Module for handling iptables.

Release notes for version 1.2.0

  • Added Puppet 2.6.x support
  • Fix reloads of empty fields
  • Add ability to specify hostname for source and destination

Types

iptables

Description

Manipulate iptables rules

Parameters

name

The name of the resource

chain

Holds the value of the iptables -A parameter, i.e. the chain the rule is appended to. Possible values are: ‘INPUT’, ‘FORWARD’, ‘OUTPUT’, ‘PREROUTING’, ‘POSTROUTING’. Default value is ‘INPUT’. Valid values are INPUT, FORWARD, OUTPUT, PREROUTING, POSTROUTING.

table

One of the following tables: ‘nat’, ‘mangle’, ‘filter’ and ‘raw’. The default one is ‘filter’. Valid values are nat, mangle, filter, raw.

proto

Holds the value of the iptables --protocol parameter. Possible values are: ‘tcp’, ‘udp’, ‘icmp’, ‘esp’, ‘ah’, ‘vrrp’, ‘igmp’, ‘all’. Default value is ‘tcp’. Valid values are tcp, udp, icmp, esp, ah, vrrp, igmp, all.

jump

Holds the value of the iptables --jump target. Possible values are: ‘ACCEPT’, ‘DROP’, ‘REJECT’, ‘DNAT’, ‘SNAT’, ‘LOG’, ‘MASQUERADE’, ‘REDIRECT’. Default value is ‘ACCEPT’. While this is not the accepted norm, it is the more commonly used jump target. Users should ensure they add an explicit DROP for all packets after all the ACCEPT rules have been specified. Valid values are ACCEPT, DROP, REJECT, DNAT, SNAT, LOG, MASQUERADE, REDIRECT.

source

Value for the iptables --source parameter. Accepts a single string or an array.

destination

Value for the iptables --destination parameter.

sport

Holds the value of the iptables [..] --source-port parameter. If an array is specified, the values are passed to the multiport module. Only applies to tcp/udp.

dport

Holds the value of the iptables [..] --destination-port parameter. If an array is specified, the values are passed to the multiport module. Only applies to tcp/udp.

iniface

Value for the iptables --in-interface parameter.

outiface

Value for the iptables --out-interface parameter.

tosource

Value for the iptables ‘-j SNAT --to-source’ parameter.

todest

Value for the iptables ‘-j DNAT --to-destination’ parameter.

toports

Value for the iptables ‘-j REDIRECT --to-ports’ parameter.

reject

Value for the iptables ‘-j REJECT --reject-with’ parameter.

log_level

Value for the iptables ‘-j LOG --log-level’ parameter.

log_prefix

Value for the iptables ‘-j LOG --log-prefix’ parameter.

icmp

Value for the iptables ‘-p icmp --icmp-type’ parameter.

state

Value for the iptables ‘-m state --state’ parameter. Possible values are: ‘INVALID’, ‘ESTABLISHED’, ‘NEW’, ‘RELATED’. Also accepts an array of multiple values.

limit

Value for the iptables ‘-m limit --limit’ parameter. Example values are: ‘50/sec’, ‘40/min’, ‘30/hour’, ‘10/day’.

burst

Value for the ‘--limit-burst’ parameter. Example values are: ‘5’, ‘10’.

redirect

Value for the iptables ‘-j REDIRECT --to-ports’ parameter.
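The following manifest is an added example, not part of the module's own documentation. It puts the parameters above together into a default-deny INPUT chain, following the advice under jump (accept what is needed, log, then an explicit DROP at the end), plus a small nat table using SNAT, DNAT and REDIRECT. It assumes that the module emits rules in the lexical order of their resource titles, which is why the titles carry numeric prefixes; the networks, interface names and ports are constructed placeholders.

```puppet
# Added example manifest for the bobsh/iptables type (not from the module docs).
# Assumption: rules are written out in lexical order of their titles, hence
# the numeric prefixes. Addresses, interfaces and ports are placeholders.

# --- filter table, INPUT chain: default deny, explicit accepts first ---

iptables { '000 accept loopback':
  chain   => 'INPUT',
  iniface => 'lo',
  proto   => 'all',
  jump    => 'ACCEPT',
}

iptables { '010 accept established and related':
  chain => 'INPUT',
  proto => 'all',
  state => ['ESTABLISHED', 'RELATED'],   # array of states
  jump  => 'ACCEPT',
}

iptables { '020 accept icmp echo-request, rate limited':
  chain => 'INPUT',
  proto => 'icmp',
  icmp  => 'echo-request',
  limit => '10/sec',
  burst => '5',
  jump  => 'ACCEPT',
}

iptables { '030 accept ssh from admin network':
  chain  => 'INPUT',
  proto  => 'tcp',
  source => '203.0.113.0/24',   # placeholder admin network
  dport  => '22',
  state  => 'NEW',
  jump   => 'ACCEPT',
}

iptables { '040 accept http and https':
  chain => 'INPUT',
  proto => 'tcp',
  dport => ['80', '443'],   # array -> multiport match
  state => 'NEW',
  jump  => 'ACCEPT',
}

iptables { '900 log what is about to be dropped, rate limited':
  chain      => 'INPUT',
  proto      => 'all',
  limit      => '5/min',
  burst      => '10',
  jump       => 'LOG',
  log_prefix => 'iptables-input-drop: ',
  log_level  => 'warning',
}

# proto must be 'all' here: the default of 'tcp' would drop only TCP.
iptables { '999 drop everything else':
  chain => 'INPUT',
  proto => 'all',
  jump  => 'DROP',
}

# --- nat table: outbound SNAT, inbound DNAT, local REDIRECT ---

iptables { '100 snat lan to public address':
  table    => 'nat',
  chain    => 'POSTROUTING',
  proto    => 'all',
  source   => '10.0.0.0/24',       # placeholder LAN
  outiface => 'eth0',
  jump     => 'SNAT',
  tosource => '198.51.100.1',      # placeholder public address
}

iptables { '110 dnat public web port to internal host':
  table   => 'nat',
  chain   => 'PREROUTING',
  proto   => 'tcp',
  iniface => 'eth0',
  dport   => '80',
  jump    => 'DNAT',
  todest  => '10.0.0.10:8080',     # placeholder internal host
}

iptables { '120 redirect lan http to local proxy':
  table   => 'nat',
  chain   => 'PREROUTING',
  proto   => 'tcp',
  iniface => 'eth1',
  dport   => '80',
  jump    => 'REDIRECT',
  toports => '3128',
}
```

Two points are worth checking in any manifest built this way. First, because proto defaults to ‘tcp’, a catch-all LOG or DROP rule that omits proto only matches TCP, so UDP and ICMP would fall through to the chain policy; the final rules above set proto to ‘all’ for that reason. Second, source and destination accept hostnames since 1.2.0, but iptables resolves a hostname only when the rule is loaded, so a rule keyed on a name silently keeps the old address until the rules are reloaded; CIDR notation, as used above, avoids that.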
