Forge Home


A Puppet module to replace firewalld with iptables


8,879 latest version

3.6 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 0.2.0 (latest)
  • 0.1.2
  • 0.1.0
released Feb 24th 2017
This version is compatible with:
  • Puppet Enterprise 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >= 2.7.0 < 5.0.0
  • ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'genebean-firewalld2iptables', '0.2.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add genebean-firewalld2iptables
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install genebean-firewalld2iptables --version 0.2.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.



genebean/firewalld2iptables — version 0.2.0 Feb 24th 2017

Puppet Forge GitHub tag


Table of Contents

  1. Overview
  2. Parameters
  3. Usage
  4. Limitations
  5. License
  6. Contributing


This module takes care of performing the conversion described at



Installs the iptables-services package when true, which is the default value.
type: boolean


This value is passed to the ensure key of the resource. This should be 'present' or 'latest'. The default value is 'present'.


Determines if iptables is enabled. Defaults to true.
type: boolean


Determines if ip6tables is enabled. Defaults to true.
type: boolean


Simple usage:

include ::firewalld2iptables

In manifests that also utilize puppetlabs-firewall or other methdods of configuring iptables you need to ensure that this is run first. To do that, just change the include line to require like so:

require ::firewalld2iptables

Manage the iptables-services package elsewhere

class { '::firewalld2iptables': $manage_package => false, }


This module is targeted at systems that are known to include firewalld. Right now, that is solely the Red Hat 7 family of OS's. Contributions to expand coverage to other OS's are welcome.


This is released under the New BSD / BSD-3-Clause license. A copy of the license can be found in the root of the module.


Pull requests are welcome!