Hi,
I quite like the look of the firewalld puppet module and plan to give it a whirl on a couple of CentOS 7 boxes.
What I'd find really useful would be an example puppet manifest that uses the module to replicate the default, out-of-the-box CentOS firewall settings. I could then take that and modify it as required.
Any chance?
R.
On 12/14/2014 10:18 PM, Robin Bowes wrote:
> Hi,
> I quite like the look of the firewalld puppet module and plan to give it a whirl on a couple of CentOS 7 boxes.
> What I'd find really useful would be an example puppet manifest that uses the module to replicate the default, out-of-the-box CentOS firewall settings. I could then take that and modify it as required.
The default zone in firewalld is called 'public' and it [1] allows only 'ssh' and 'dhcpv6-client' services. There are some example manifests, like [2], so the one that would replicate the default zone would look something like:

    firewalld::zone { 'public':
      services => ['ssh', 'dhcpv6-client'],
    }

[1] https://git.fedorahosted.org/cgit/firewalld.git/tree/config/zones/public.xml
[2] https://github.com/jpopelka/puppet-firewalld/blob/master/examples/zone.pp
-- Jiri
firewalld-users@lists.stg.fedorahosted.org
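
An added example, not part of the original thread or of the puppet-firewalld module: a small Python script that reads a firewalld zone XML document and renders the matching `firewalld::zone` resource using only the `services` parameter shown in the reply, and reports any services opened beyond the default pair. The sample XML is constructed for illustration, and the function names are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on a firewalld zone file; the services are the
# two named in the reply above, the description text is illustrative only.
PUBLIC_ZONE_XML = """<zone>
  <short>Public</short>
  <description>For use in public areas.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
</zone>
"""

# Baseline from the reply: the default zone allows only these services.
DEFAULT_SERVICES = {"ssh", "dhcpv6-client"}


def parse_zone(xml_text):
    """Return (services, other_tags) found in a firewalld zone XML document."""
    root = ET.fromstring(xml_text)
    if root.tag != "zone":
        raise ValueError("not a firewalld zone file: root is <%s>" % root.tag)
    services, other = [], []
    for child in root:
        if child.tag == "service":
            services.append(child.attrib["name"])
        elif child.tag not in ("short", "description"):
            other.append(child.tag)  # ports, rich rules, etc. are not converted
    return services, other


def to_manifest(zone_name, services):
    """Render a firewalld::zone resource using only the 'services' parameter."""
    quoted = ", ".join("'%s'" % s for s in services)
    return "firewalld::zone { '%s':\n  services => [%s],\n}\n" % (zone_name, quoted)


def extra_services(services, baseline=DEFAULT_SERVICES):
    """Services opened beyond the default baseline, sorted for stable output."""
    return sorted(set(services) - set(baseline))


if __name__ == "__main__":
    svcs, other = parse_zone(PUBLIC_ZONE_XML)
    print(to_manifest("public", svcs), end="")
    print("beyond default:", extra_services(svcs) or "none")
    print("unconverted elements:", other or "none")
```

Elements other than `service` are only listed, not translated, so a zone that reports unconverted elements needs those settings added to the manifest by hand.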