copyleft/attachmentgenie-ufw

This branch is 1 commit ahead of attachmentgenie/attachmentgenie-ufw:master.


Puppet UFW Module

Module for configuring UFW (Uncomplicated Firewall).

Usage

If you include the ufw class, the package will be installed, the service will be enabled, and all incoming connections will be denied by default:

include ufw

You can change the forward policy, which defaults to DROP:

class { 'ufw':
  forward => 'ACCEPT',
}

You can also block outgoing traffic by default:

class { 'ufw':
  deny_outgoing => true,
}

You can then allow certain connections:

ufw::allow { "allow-ssh-from-all":
  port => '22',
}

ufw::allow { "allow-all-from-trusted":
  from => "10.0.0.145",
}

ufw::allow { "allow-http-on-specific-interface":
  port => '80',
  ip => "10.0.0.20",
}

ufw::allow { "allow-outgoing-dns-over-udp":
  port => '53',
  proto => "udp",
  direction => "out",
}

Port ranges are created via

ufw::allow { 'all http ports':
  port  => '8000:8999',
  proto => 'tcp',
}

n.b.: ranges require the protocol to be tcp or udp; it cannot be any.

You can also rate limit certain ports (the IP is blocked if it initiates 6 or more connections within 30 seconds):

ufw::limit { '22': }

To delete a single rule, add ensure => absent to the corresponding ufw::allow resource:

ufw::allow { "allow-ssh-from-all":
  ensure => absent,
  port   => '22',
}

As with most Puppet resources, let this resource apply successfully on all your machines at least once before removing it from your manifests, so that you can be sure the rule is actually gone.
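As an added example that is not part of the module's own README, the following manifest combines the resources documented above into a default-deny policy for a single web host; the class name, the public address 10.0.0.20 and the bastion address 10.0.0.145 are assumed values.

```puppet
# Added example, not from the module README: a default-deny policy for a
# web host built only from the resources documented above.
# The class name and all addresses below are assumed/constructed values.
class profile::firewall_webhost {

  # Install ufw, enable the service, deny all incoming traffic and also
  # deny outgoing traffic, so every permitted flow is declared explicitly.
  class { 'ufw':
    deny_outgoing => true,
  }

  # SSH is rate-limited rather than plainly allowed: a source that opens
  # 6 or more connections within 30 seconds is blocked.
  ufw::limit { '22': }

  # Public web ports, bound to the host's public address only (assumed).
  ufw::allow { 'allow-http-public':
    port  => '80',
    proto => 'tcp',
    ip    => '10.0.0.20',
  }
  ufw::allow { 'allow-https-public':
    port  => '443',
    proto => 'tcp',
    ip    => '10.0.0.20',
  }

  # Management access: any connection from the (assumed) bastion host.
  ufw::allow { 'allow-all-from-bastion':
    from => '10.0.0.145',
  }

  # Egress the host still needs once deny_outgoing is set: DNS over both
  # UDP and TCP. Protocol-specific rules must set proto explicitly.
  ufw::allow { 'allow-outgoing-dns-udp':
    port      => '53',
    proto     => 'udp',
    direction => 'out',
  }
  ufw::allow { 'allow-outgoing-dns-tcp':
    port      => '53',
    proto     => 'tcp',
    direction => 'out',
  }
}
```

Any further egress the host relies on (package mirrors, NTP, log shipping) needs its own direction => 'out' rule in the same way, otherwise deny_outgoing silently breaks it.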

Known Limitations

Currently it is not possible to purge unmanaged rules or to remove previously defined rules automatically; this has to be done manually (see #21).
