Puppet Class: firewall

Inherits:

::firewall::params

Defined in:

manifests/init.pp

Summary

Overview

Performs the basic setup tasks required for using the firewall resources.

At the moment this takes care of:

iptables-persistent package installation Include the firewall class for nodes that need to use the resources in this module:

Examples:

class { 'firewall': }

Parameters:

• ensure (Any) (defaults to: running) —

  Controls the state of the ipv4 iptables service on your system. Valid options: ‘running’ or ‘stopped’.

• ensure_v6 (Any) (defaults to: undef) —

  Controls the state of the ipv6 iptables service on your system. Valid options: ‘running’ or ‘stopped’.

• pkg_ensure (Any) (defaults to: present) —

  Controls the state of the iptables package on your system. Valid options: ‘present’ or ‘latest’.

• service_name (Any) (defaults to: $firewall::params::service_name) —

  Specify the name of the IPv4 iptables service.

• service_name_v6 (Any) (defaults to: $firewall::params::service_name_v6) —

  Specify the name of the IPv6 iptables service.

• package_name (Any) (defaults to: $firewall::params::package_name) —

  Specify the platform-specific package(s) to install.

• ebtables_manage (Any) (defaults to: false) —

  Controls whether puppet manages the ebtables package or not. If managed, the package will use the value of pkg_ensure.

# File 'manifests/init.pp', line 33

class firewall (
  $ensure          = running,
  $ensure_v6       = undef,
  $pkg_ensure      = present,
  $service_name    = $firewall::params::service_name,
  $service_name_v6 = $firewall::params::service_name_v6,
  $package_name    = $firewall::params::package_name,
  $ebtables_manage = false,
) inherits ::firewall::params {
  $_ensure_v6 = pick($ensure_v6, $ensure)

  case $ensure {
    /^(running|stopped)$/: {
      # Do nothing.
    }
    default: {
      fail("${title}: Ensure value '${ensure}' is not supported")
    }
  }

  if $ensure_v6 {
    case $ensure_v6 {
      /^(running|stopped)$/: {
        # Do nothing.
      }
      default: {
        fail("${title}: ensure_v6 value '${ensure_v6}' is not supported")
      }
    }
  }

  case $::kernel {
    'Linux': {
      class { "${title}::linux":
        ensure          => $ensure,
        ensure_v6       => $_ensure_v6,
        pkg_ensure      => $pkg_ensure,
        service_name    => $service_name,
        service_name_v6 => $service_name_v6,
        package_name    => $package_name,
        ebtables_manage => $ebtables_manage,
      }
      contain "${title}::linux"
    }
    'FreeBSD', 'windows': {
    }
    default: {
      fail("${title}: Kernel '${::kernel}' is not currently supported")
    }
  }
}