Module iptables
In: /modules/iptables/manifests/init.pp
/modules/iptables/manifests/params.pp

iptables

This is a simple monolithic iptables module which is based around a single class and a single template for all rules. It has the disadvantage of not being modular, but has the advantages of being very simple and robust.

To manage IPv6 rules in the same way, see the ip6tables module.

Note: "iptables" is still a definition, but will be changed into a parameterized class at some point, since it is not meant to be declared more than once.

# Sample Usage

Simple rules to allow ssh, http and https globally:

    iptables { '/etc/sysconfig/iptables':
        tcpports => [ '22', '80', '443' ],
    }

More complex rules:

    iptables { '/etc/sysconfig/iptables':
        ethpub       => 'br0',
        ethpriv      => 'br1',
        tcpports     => [ '53', '80', '443' ],
        udpports     => [ '53' ],
        privtcpports => [ '3306' ],
        hosts_ssh    => [ '192.0.2.1' ],
        knock        => true,
        knockone     => '1111',
        knocktwo     => '2222',
        masq         => true,
    }
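A further usage example, added here and not part of the module's own documentation: a database host with a public and a private interface, where no service is opened globally and administrative ports are restricted to named source addresses. The parameter names are the ones in the define's signature; their exact behaviour is assumed from their names (hosts_ssh and hosts_nrpe as lists of source addresses allowed to reach ssh and NRPE, privtcpports as ports opened only on the private interface, protectpriv as dropping other unsolicited traffic on that interface, icmp_limit as an ICMP rate limit). All addresses are constructed sample values.

```puppet
# Added example (not from the module's documentation). Parameter semantics are
# assumed from the parameter names; addresses are constructed sample values.
iptables { '/etc/sysconfig/iptables':
    ethpub            => 'eth0',
    ethpriv           => 'eth1',
    # Nothing is opened globally on the public interface.
    tcpports          => [],
    udpports          => [],
    # ssh only from the bastion, NRPE only from the monitoring poller
    # (assumed: these take lists of allowed source addresses).
    hosts_ssh         => [ '192.0.2.10' ],
    hosts_nrpe        => [ '10.0.0.5' ],
    # MySQL reachable from the private network only
    # (assumed: privtcpports applies to $ethpriv only).
    privtcpports      => [ '3306' ],
    # Drop other unsolicited traffic on the private interface (assumed meaning).
    protectpriv       => true,
    # Rate-limit incoming ICMP rather than dropping it outright.
    icmp_limit_enable => true,
    icmp_limit        => '20/sec',
    # Persist the active rules across service stop/restart.
    save_on_stop      => 'yes',
    save_on_restart   => 'yes',
}
```

The point of the declaration is that tcpports and udpports stay empty: every inbound service is tied either to a source-address list or to the private interface, so a change to the public exposure of the host has to be made explicitly in the manifest and shows up in review.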

Defines

iptables

Classes and Modules

Class iptables::params

Defines

iptables(
    $raw_rules_filter     => [],
    $knock                => 'false',
    $openvpn_port         => '1194',
    $openvpn              => 'false',
    $iptables_save        => '/var/lib/iptables/rules-save',
    $save_counter         => 'no',
    $sysctl_load_list     => 'undef',
    $status_linenumbers   => 'yes',
    $save_on_restart      => 'no',
    $icmp_limit_enable    => 'true',
    $dnat_tcp_port        => '',
    $knocktwo             => '54321',
    $knockone             => '12345',
    $openvpn_host         => ['"127.0.0.1"'],
    $srcudpports          => '',
    $fwmark               => '',
    $status_verbose       => 'no',
    $srctcpports          => '',
    $chains_filter        => '',
    $modules_unload       => 'yes',
    $masq                 => 'false',
    $redirect_tcp_port    => '',
    $privtcpports         => [],
    $lsnraddrs            => [],
    $ospf                 => [],
    $vrrp                 => [],
    $protectpriv          => 'false',
    $status_numeric       => 'yes',
    $hosts_snmp           => 'false',
    $sipaddrs             => [],
    $udpports             => [],
    $save_restore_options => '',
    $modules              => '',
    $privudpports         => [],
    $tcpports             => [],
    $icmp_limit           => '50/sec',
    $knocktcpopen         => ['"22"'],
    $hosts_nrpe           => 'false',
    $ethpriv              => 'eth1',
    $ethpub               => 'eth0',
    $save_on_stop         => 'no',
    $raw_rules_nat        => [],
    $openvpn_proto        => 'udp',
    $hosts_ssh            => 'false'
)
