Module ip6tables
In: /modules/ip6tables/manifests/init.pp
/modules/ip6tables/manifests/params.pp

ip6tables

This is a simple monolithic ip6tables module which is based around a single class and a single template for all rules. It has the disadvantage of not being modular, but has the advantages of being very simple and robust.

To manage IPv4 rules in the same way, see the iptables module.

Note: "ip6tables" is still a definition, but will be changed into a parametrized class at some point, since it is not meant to be called more than once.

# Sample Usage

Simple rules to allow ssh, http and https globally :

    ip6tables { '/etc/sysconfig/iptables':
        tcpports => [ '22', '80', '443' ],
    }

More complex rules :

    ip6tables { '/etc/sysconfig/iptables':
        ethpub       => 'br0',
        ethpriv      => 'br1',
        tcpports     => [ '53', '80', '443' ],
        udpports     => [ '53' ],
        privtcpports => [ '3306' ],
        hosts_ssh    => [ 'fe80::223:aeff:fe75:1302' ],
        knock        => true, knockone => '1111', knocktwo => '2222',
    }

Defines

ip6tables  

Classes and Modules

Class ip6tables::params

Defines

ip6tables( $raw_rules_filter => [], $knock => 'false', $openvpn_port => '1194', $openvpn => 'false', $save_counter => 'no', $sysctl_load_list => 'undef', $status_linenumbers => 'yes', $save_on_restart => 'no', $icmp_limit_enable => 'true', $ip6tables_save => '/var/lib/ip6tables/rules-save', $knocktwo => '54321', $knockone => '12345', $openvpn_host => ['"127.0.0.1"'], $srcudpports => '', $fwmark => '', $status_verbose => 'no', $srctcpports => '', $chains_filter => '', $modules_unload => 'yes', $privtcpports => [], $lsnraddrs => [], $ospf => [], $vrrp => [], $protectpriv => 'false', $status_numeric => 'yes', $hosts_snmp => 'false', $sipaddrs => [], $udpports => [], $save_restore_options => '', $modules => '', $privudpports => [], $tcpports => [], $icmp_limit => '50/sec', $knocktcpopen => ['"22"'], $hosts_nrpe => 'false', $ethpriv => 'eth1', $ethpub => 'eth0', $save_on_stop => 'no', $openvpn_proto => 'udp', $hosts_ssh => 'false' )

[Validate]