profile_firewall
Initial firewall configuration
include profile_firewall
The following parameters are available in the profile_firewall class:
Data type: Hash
Lists of regexes telling Puppet NOT to remove matching rules, even if the rules were not added by Puppet.
Keys must be in "CHAIN:TABLE:PROTOCOL" format. Values must be an Array of strings in Ruby regex format. See README for some basic examples, or the following for more details: https://forge.puppet.com/puppetlabs/firewall/reference#firewallchain
Data type: Array
List of strings. All existing iptables chains will be collected by a custom fact. If any chain name starts with one of these prefixes, that chain, and any rules in that chain, will be ignored by Puppet.
Data type: Hash
Exceptions to start the firewall rules. Keys must begin with a 3-digit number followed by a comment. The 3-digit number indicates firewall rule order; lower-numbered rules are added before higher-numbered ones. See README for some basic examples, or the following for more details: https://forge.puppet.com/puppetlabs/firewall/readme#beginning-with-firewall
Data type: Hash
Exceptions to end the firewall rules. Keys must begin with a 3-digit number followed by a comment. The 3-digit number indicates firewall rule order; lower-numbered rules are added before higher-numbered ones. See README for some basic examples, or the following for more details: https://forge.puppet.com/puppetlabs/firewall/readme#beginning-with-firewall
Data type: Hash
Generic firewall rules. Keys must begin with a 3-digit number followed by a comment. The 3-digit number indicates firewall rule order; lower-numbered rules are added before higher-numbered ones. See README for some basic examples, or the following for more details: https://forge.puppet.com/puppetlabs/firewall/readme#beginning-with-firewall
Data type: Hash
Default Linux chains. Module defaults should be sufficient. Keys must be in "CHAIN:TABLE:PROTOCOL" format. Values must be a Hash of valid puppetlabs::firewallchain parameters.
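The key and value formats described above can be checked before the data reaches Puppet. The following lint is an added example, not code from this module: all function names, the probe lines and the assumption that a space separates the 3-digit number from the comment are hypothetical. It also flags ignore regexes so broad that Puppet would stop purging unmanaged rules in that chain.

```ruby
CHAIN_KEY = /\A[^:\s]+:[^:\s]+:[^:\s]+\z/ # "CHAIN:TABLE:PROTOCOL"
RULE_KEY  = /\A\d{3}\s+\S/                # "NNN comment" (assumes a space after the number)
# Constructed, unrelated rule lines; a pattern that matches both is too broad.
PROBES = ['-A INPUT -p tcp --dport 22 -j ACCEPT',
          '-A FORWARD -i eth9 -m comment --comment "probe" -j DROP'].freeze

# ignores: Hash of "CHAIN:TABLE:PROTOCOL" => Array of Ruby regex strings.
# Returns an Array of problem descriptions (empty when the data is clean).
def lint_ignores(ignores)
  ignores.flat_map do |key, patterns|
    errs = []
    errs << "bad key #{key.inspect}" unless key.to_s.match?(CHAIN_KEY)
    next errs << "#{key}: value must be an Array" unless patterns.is_a?(Array)
    patterns.each do |pat|
      begin
        re = Regexp.new(pat)
        errs << "#{key}: #{pat.inspect} is too broad" if PROBES.all? { |l| re.match?(l) }
      rescue RegexpError, TypeError
        errs << "#{key}: #{pat.inspect} is not a valid regex"
      end
    end
    errs
  end
end

# Rule names that do not begin with a 3-digit number followed by a comment.
def bad_rule_names(rules)
  rules.keys.reject { |name| name.to_s.match?(RULE_KEY) }
end

# Order in which rules are added; with 3-digit prefixes a string sort is numeric order.
def rule_order(rules)
  rules.keys.sort
end

# Chains (as collected from the host) that the ignore prefixes would exclude from Puppet.
def ignored_chains(chains, prefixes)
  chains.select { |chain| chain.start_with?(*prefixes) }
end
```

Reviewing the output of `ignored_chains` against the chains actually present on a host shows which chains will be left unmanaged by a given prefix list.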