Firewall management for Windows, Linux, and OS X
Note: At the moment, only Windows (7, 2008R2, 8, 8.1, 2012R2) is implemented.
Unified types and rules to manage firewalls.
Via puppet module:
$ puppet module install gildas-firewall
Via librarian-puppet or r10k, by adding the following line to your Puppetfile:
mod 'gildas/firewall'
Load the base class:
include firewall
By default, firewall resources that are declared in hiera will be automatically loaded and created. If you do not want this behavior, configure the base class as follows:
class {'firewall':
hiera_loader => false
}
To configure firewall rules, simply instantiate resources in your manifests, e.g.:
firewall::rule { 'SQLServer':
rule => 'SQLServer-Instance-In-TCP',
ensure => enabled,
create => true,
display => 'SQLServer Instance (TCP-In)',
description => 'Inbound Rule to access the SQLServer instance [TCP 1433]',
action => 'Allow',
direction => 'Inbound',
protocol => 'TCP',
local_port => 1433,
}
This resource creates a rule (as needed) to allow incoming SQL Server communication.
If a rule already exists in Windows and should just be enabled or disabled, you can do the following:
firewall::rule { 'WinRM':
rule => 'WINRM-HTTP-In-TCP-NoScope',
ensure => enabled,
}
Note: It is not possible to delete rules yet.
Similarly, it is possible to enable firewall groups:
firewall::group { 'File and Printer Sharing':
group => '@FirewallAPI.dll,-28502',
ensure => enabled,
}
Note: It is not possible to create/delete groups yet.
Finally, to manage firewall profiles:
firewall::profile { "Private":
profile => "Private",
ensure => enabled,
}
If you use hiera, the puppet class firewall will search for firewall entries and create resources. At the moment, the following firewall entries are available:
- firewall::profiles
- firewall::groups
- firewall::rules
For example, to configure the Remote Desktop group in Windows, add the following to your hiera database:
{
...
"firewall::groups": {
"Remote Desktop":
{
"group": "@FirewallAPI.dll,-28752",
"ensure": "enabled"
}
},
...
}
Or to accept WinRM connections over HTTP on Windows 8/8.1:
{
...
"firewall::rules": {
"WINRM-HTTP-In-TCP-NoScope":
{
"rule": "WINRM-HTTP-In-TCP-NoScope",
"ensure": "enabled"
},
...
},
...
}
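Putting the three hiera keys together, as an added example that is not part of the module's own documentation: one hiera JSON file that enables the Private profile, the Remote Desktop group and the existing WinRM rule, and creates the SQLServer rule from the manifest example above. It assumes that the keys of each hiera entry map one-to-one onto the parameters of the corresponding firewall::rule, firewall::group or firewall::profile resource, which the examples above suggest but the page does not state explicitly.

```json
{
  "firewall::profiles": {
    "Private": {
      "profile": "Private",
      "ensure": "enabled"
    }
  },
  "firewall::groups": {
    "Remote Desktop": {
      "group": "@FirewallAPI.dll,-28752",
      "ensure": "enabled"
    }
  },
  "firewall::rules": {
    "WINRM-HTTP-In-TCP-NoScope": {
      "rule": "WINRM-HTTP-In-TCP-NoScope",
      "ensure": "enabled"
    },
    "SQLServer": {
      "rule": "SQLServer-Instance-In-TCP",
      "ensure": "enabled",
      "create": true,
      "display": "SQLServer Instance (TCP-In)",
      "description": "Inbound Rule to access the SQLServer instance [TCP 1433]",
      "action": "Allow",
      "direction": "Inbound",
      "protocol": "TCP",
      "local_port": 1433
    }
  }
}
```

With hiera_loader left at its default of true, a plain include firewall is enough for these entries to be loaded and the resources created; the SQLServer entry is the only one that creates a rule, the others only enable rules, groups and profiles that Windows already provides.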