Module: ip6tables

ip6tables

This is a simple monolithic ip6tables module which is based around a single class and a single template for all rules. It has the disadvantage of not being modular, but has the advantages of being very simple and robust.

To manage IPv4 rules in the same way, see the iptables module.

Note: "ip6tables" is still a definition, but will be changed into a parametrized class at some point, since it is not meant to be called more than once.

`ip6tables` : Main class to enable and configure IPv6 iptables rules.
`ip6tables::params` : Class to set distribution specific defaults.

# Sample Usage

Simple rules to allow ssh, http and https globally :

    ip6tables { '/etc/sysconfig/iptables':
        tcpports => [ '22', '80', '443' ],
    }

More complex rules :

    ip6tables { '/etc/sysconfig/iptables':
        ethpub       => 'br0',
        ethpriv      => 'br1',
        tcpports     => [ '53', '80', '443' ],
        udpports     => [ '53' ],
        privtcpports => [ '3306' ],
        hosts_ssh    => [ 'fe80::223:aeff:fe75:1302' ],
        knock        => true, knockone => '1111', knocktwo => '2222',
    }

Defines

ip6tables

Classes and Modules

Class ip6tables::params

Defines

ip6tables( $raw_rules_filter => [], $knock => 'false', $openvpn_port => '1194', $openvpn => 'false', $save_counter => 'no', $sysctl_load_list => 'undef', $status_linenumbers => 'yes', $save_on_restart => 'no', $icmp_limit_enable => 'true', $ip6tables_save => '/var/lib/ip6tables/rules-save', $knocktwo => '54321', $knockone => '12345', $openvpn_host => ['"127.0.0.1"'], $srcudpports => '', $fwmark => '', $status_verbose => 'no', $srctcpports => '', $chains_filter => '', $modules_unload => 'yes', $privtcpports => [], $lsnraddrs => [], $ospf => [], $vrrp => [], $protectpriv => 'false', $status_numeric => 'yes', $hosts_snmp => 'false', $sipaddrs => [], $udpports => [], $save_restore_options => '', $modules => '', $privudpports => [], $tcpports => [], $icmp_limit => '50/sec', $knocktcpopen => ['"22"'], $hosts_nrpe => 'false', $ethpriv => 'eth1', $ethpub => 'eth0', $save_on_stop => 'no', $openvpn_proto => 'udp', $hosts_ssh => 'false' )