Hi,
this is just heads-up to let you know early, that I've started working on firewalld module for Puppet recently. It's in very early stage, because I knew nothing about Puppet a week ago.
It lives here: https://github.com/jpopelka/puppet-firewalld
Testing it on Fedora is piece of cake, just get a repo file from https://copr.fedoraproject.org/coprs/jpopelka/puppet-firewalld/ and put it into /etc/yum.repos.d/ There's only rawhide-x86_64 for Fedora, but that should be fine for all Fedoras/archs, because the module is noarch.
Install the module with: # yum install puppet-firewall
Then try the included example with: # puppet apply /usr/share/doc/puppet-firewalld/examples/misc-example.pp
What the example does at the moment is: - install firewalld package - disable ip[6]table services - create a zone called "custom" with few opened ports and predefined services - set it as default zone - (re)start firewalld
Sample of documentation is here: http://jpopelka.fedorapeople.org/puppet-firewalld/doc/firewalld/zone.html
I'll be glad for any suggestions as I know very little about what Puppet can and can't do.
-- Jiri