Puppet Firewall

It is a Puppet module for managing iptables rules.
Official page for the module: https://forge.puppetlabs.com/puppetlabs/firewall

INSTALL/UPGRADE

Install

# puppet module install puppetlabs-firewall
Notice: Preparing to install into /etc/puppet/modules ...
Error: Could not install module 'puppetlabs-firewall' (latest)
  Module 'puppetlabs-firewall' (v0.4.2) is already installed
    Use `puppet module upgrade` to install a different version
    Use `puppet module install --force` to re-install only this module

Upgrade

# puppet module upgrade puppetlabs-firewall
Notice: Preparing to upgrade 'puppetlabs-firewall' ...
Notice: Found 'puppetlabs-firewall' (v0.4.2) in /etc/puppet/modules ...
Notice: Downloading from https://forge.puppetlabs.com ...
Notice: Upgrading -- do not interrupt ...
/etc/puppet/modules
└── puppetlabs-firewall (v0.4.2 -> v1.0.2)

Basic Configuration

Understanding the configuration from the Puppet guide was not simple.
Here is my environment:

  • manifests/site.pp (where my node is defined)
  • modules/firewall/ (the module installed by the system)
  • modules/my_firewall/manifests/ (my own module with my files: init.pp, pre.pp, post.pp)

site.pp

node puppetclientvirtual {
    include my_firewall     
}

init.pp

class my_firewall {
  # pre contains the rules that must come first (loopback, established, ...),
  # post the final drop rules; both are taken from the module's guide
  include my_firewall::post,my_firewall::pre
  # remove every iptables rule that is not managed by puppet
  resources { "firewall":
    purge => true
  }
  # resource default: every firewall rule is ordered between pre and post
  Firewall {
    before  => Class['my_firewall::post'],
    require => Class['my_firewall::pre'],
  }

  class { 'firewall': }
}

pre.pp and post.pp are the same as in the guide.

Advanced Configuration

Some rules to remember

  • the rule title must start with a number, otherwise you get an error; the number is not a comment, it is the ordering key
    firewall { '099 connection for mysql for':
  • an array works for port but not for source ip
    #NO, DOES NOT WORK
     source => ['192.168.10.2/32', '192.168.11.58/32', '192.168.1.42/32']
    # YES, WORKS
    port   => [80, 443],
  • to specify several sources that fall in one contiguous range there is
    src_range => '192.168.1.1-192.168.1.10'
  • the same applies to the destination (dst_range)
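As an added example (not from the page or from the puppetlabs-firewall project), a rules class that applies the three points above: numbered titles, an array only for ports, one rule per address where source cannot take an array, and src_range for a contiguous range. The file name rules.pp, the defined type my_firewall::mysql_client and the addresses are assumptions for the example.

```puppet
# modules/my_firewall/manifests/rules.pp (assumed file name, added example)
# one firewall rule per client address: source does not accept an array,
# so a defined type is used to generate the rules from a list of addresses
define my_firewall::mysql_client ($order = '110') {
  firewall { "${order} mysql from ${name}":
    proto  => 'tcp',
    port   => 3306,
    source => $name,
    action => 'accept',
  }
}

class my_firewall::rules {
  # the title must start with a number: it is the ordering key, not a comment
  firewall { '100 allow http and https':
    proto  => 'tcp',
    port   => [80, 443],  # an array works for port
    action => 'accept',
  }

  # constructed client list; each address becomes its own rule
  my_firewall::mysql_client { ['192.168.10.2/32', '192.168.11.58/32', '192.168.1.42/32']: }

  # a contiguous range of sources goes in src_range, not in source
  firewall { '120 allow ssh from admin range':
    proto     => 'tcp',
    port      => 22,
    src_range => '192.168.1.1-192.168.1.10',
    action    => 'accept',
  }
}
```

Add `include my_firewall::rules` to init.pp so the resource default there orders these rules between pre and post.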
Unless otherwise indicated, the content of this page is licensed under the Creative Commons Attribution-ShareAlike 3.0 License