firewalld2iptables

A Puppet module to replace firewalld with iptables

18,592 downloads

8,837 latest version

3.6 quality score

Version information

  • 0.2.0 (latest)
  • 0.1.2
  • 0.1.0
released Feb 24th 2017
This version is compatible with:
  • Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 2.7.0 < 5.0.0

Start using this module

Add this module to your Puppetfile:

mod 'genebean-firewalld2iptables', '0.2.0'

Add this module to your Bolt project:

bolt module add genebean-firewalld2iptables

Manually install this module globally with Puppet module tool:

puppet module install genebean-firewalld2iptables --version 0.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Documentation

genebean/firewalld2iptables — version 0.2.0 Feb 24th 2017

firewalld2iptables

Table of Contents

  1. Overview
  2. Parameters
  3. Usage
  4. Limitations
  5. License
  6. Contributing

Overview

This module takes care of performing the conversion described at https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html#sec-Using_iptables

Parameters:

manage_package

Installs the iptables-services package when true, which is the default value.
type: boolean

iptables_ensure

This value is passed to the ensure key of the resource. This should be 'present' or 'latest'. The default value is 'present'.

iptables_enable

Determines if iptables is enabled. Defaults to true.
type: boolean

ip6tables_enable

Determines if ip6tables is enabled. Defaults to true.
type: boolean

Usage:

Simple usage:

include ::firewalld2iptables

In manifests that also use puppetlabs-firewall or other methods of configuring iptables, you need to ensure that this module is applied first. To do that, change the include line to require, like so:

require ::firewalld2iptables
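
The ordering described above, shown with puppetlabs-firewall rules, as an added example that is not part of the module's own documentation. The class name profile::host_firewall and the rule set are hypothetical, and the example assumes a puppetlabs-firewall release that still provides the action attribute.

```puppet
# Added example: profile::host_firewall is a hypothetical class name.
class profile::host_firewall {
  # Class-level dependency: everything declared below is applied only after
  # firewalld has been replaced by the iptables services.
  require ::firewalld2iptables

  firewall { '000 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }

  firewall { '001 accept related established':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }

  firewall { '100 allow ssh':
    proto  => 'tcp',
    dport  => '22',
    action => 'accept',
  }

  # The default-deny rule is applied last so a partial run cannot cut off SSH.
  firewall { '999 drop all other input':
    proto   => 'all',
    action  => 'drop',
    require => Firewall['000 accept all to lo interface', '001 accept related established', '100 allow ssh'],
  }
}
```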

Manage the iptables-services package elsewhere

class { '::firewalld2iptables':
  manage_package => false,
}

Limitations

This module is targeted at systems that are known to include firewalld. Right now, that is solely the Red Hat 7 family of operating systems. Contributions to expand coverage to other operating systems are welcome.

License

This is released under the New BSD / BSD-3-Clause license. A copy of the license can be found in the root of the module.

Contributing

Pull requests are welcome!