Module: iptables

iptables

This is a simple monolithic iptables module which is based around a single class and a single template for all rules. It has the disadvantage of not being modular, but has the advantages of being very simple and robust.

To manage IPv6 rules in the same way, see the ip6tables module.

Note: "iptables" is still a definition, but will be changed into a parametrized class at some point, since it is not meant to be called more than once.

`iptables` : Main class to enable and configure IPv4 iptables rules.
`iptables::params` : Class to set distribution specific defaults.

# Sample Usage

Simple rules to allow ssh, http and https globally :

    iptables { '/etc/sysconfig/iptables':
        tcpports => [ '22', '80', '443' ],
    }

More complex rules :

    iptables { '/etc/sysconfig/iptables':
        ethpub       => 'br0',
        ethpriv      => 'br1',
        tcpports     => [ '53', '80', '443' ],
        udpports     => [ '53' ],
        privtcpports => [ '3306' ],
        hosts_ssh    => [ '192.0.2.1' ],
        knock        => true, knockone => '1111', knocktwo => '2222',
        masq         => true,
    }

Defines

iptables

Classes and Modules

Class iptables::params

Defines

iptables( $raw_rules_filter => [], $knock => 'false', $openvpn_port => '1194', $openvpn => 'false', $iptables_save => '/var/lib/iptables/rules-save', $save_counter => 'no', $sysctl_load_list => 'undef', $status_linenumbers => 'yes', $save_on_restart => 'no', $icmp_limit_enable => 'true', $dnat_tcp_port => '', $knocktwo => '54321', $knockone => '12345', $openvpn_host => ['"127.0.0.1"'], $srcudpports => '', $fwmark => '', $status_verbose => 'no', $srctcpports => '', $chains_filter => '', $modules_unload => 'yes', $masq => 'false', $redirect_tcp_port => '', $privtcpports => [], $lsnraddrs => [], $ospf => [], $vrrp => [], $protectpriv => 'false', $status_numeric => 'yes', $hosts_snmp => 'false', $sipaddrs => [], $udpports => [], $save_restore_options => '', $modules => '', $privudpports => [], $tcpports => [], $icmp_limit => '50/sec', $knocktcpopen => ['"22"'], $hosts_nrpe => 'false', $ethpriv => 'eth1', $ethpub => 'eth0', $save_on_stop => 'no', $raw_rules_nat => [], $openvpn_proto => 'udp', $hosts_ssh => 'false' )