On 12/14/2014 10:18 PM, Robin Bowes wrote:
> Hi,
>
> I quite like the look of the firewalld puppet module and plan to give it
> a whirl on a couple of CentOS 7 boxes.
>
> What I'd find really useful would be an example puppet manifest that
> uses the module to replicate the default, out-of-the-box CentOS firewall
> settings. I could then take that and modify it as required.

The default zone in firewalld is called 'public' and it [1] allows only
'ssh' and 'dhcpv6-client' services. There are some example manifests,
like [2], so the one that would replicate the default zone would look
something like:

  firewalld::zone { 'public':
    services => ['ssh', 'dhcpv6-client'],
  }

[1] https://git.fedorahosted.org/cgit/firewalld.git/tree/config/zones/public.xml
[2] https://github.com/jpopelka/puppet-firewalld/blob/master/examples/zone.pp
--
Jiri
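
Added example, not part of the original message or of the puppet-firewalld module: a small Python check that reads a firewalld zone file and reports anything that differs from the 'ssh' + 'dhcpv6-client' baseline described above, useful for confirming a host still matches the default after Puppet runs. The sample XML strings are constructed for illustration, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Baseline stated in the message: the default 'public' zone allows only these.
BASELINE_SERVICES = frozenset({"ssh", "dhcpv6-client"})

# Constructed samples in the firewalld zone-file layout (not copied from a host).
SAMPLE_DEFAULT = """<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
</zone>"""

SAMPLE_DRIFTED = """<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="http"/>
  <port protocol="tcp" port="8080"/>
</zone>"""


def audit_zone(xml_text, baseline=BASELINE_SERVICES):
    """Return the services and ports that differ from the baseline."""
    root = ET.fromstring(xml_text)
    if root.tag != "zone":
        raise ValueError("not a firewalld zone file")
    services = {s.get("name") for s in root.findall("service")}
    # Any explicitly opened port is beyond the default zone, so list them all.
    ports = sorted(
        "{}/{}".format(p.get("port"), p.get("protocol"))
        for p in root.findall("port")
    )
    return {
        "extra_services": sorted(services - baseline),
        "missing_services": sorted(baseline - services),
        "extra_ports": ports,
    }


def matches_default(xml_text):
    """True when the zone allows exactly the baseline services and no ports."""
    return not any(audit_zone(xml_text).values())


if __name__ == "__main__":
    for label, text in (("default", SAMPLE_DEFAULT), ("drifted", SAMPLE_DRIFTED)):
        print(label, matches_default(text), audit_zone(text))
```
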