We're using the puppetlabs/firewall module and we wanted a way to pass all
of our firewall data through the Foreman web UI for ease of quickly
adding/deleting firewall rules. This is what we came up with, in case
anyone else is interested.
Created a new module: ex. custom_firewall (init.pp, pre.pp, post.pp)
init.pp:

  # $firewall_data is the hash of rules passed in from the Foreman UI (YAML);
  # the default of false means "no extra rules".
  class custom_firewall($firewall_data = false) {
    include custom_firewall::pre
    include custom_firewall::post
    include firewall

    # Remove any iptables rules that are not managed by Puppet.
    resources { 'firewall':
      purge => true,
    }

    # Every firewall rule sits between the pre and post classes.
    Firewall {
      before  => Class['custom_firewall::post'],
      require => Class['custom_firewall::pre'],
    }

    if $firewall_data != false {
      create_resources('firewall', $firewall_data)
    }
  }
pre.pp (include any default firewall rules you want here that will load
every time regardless, e.g. icmp):

  class custom_firewall::pre {
    # Override the class-level default: nothing to require before the first rule.
    Firewall {
      require => undef,
    }

    firewall { '000 accept all icmp':
      proto  => 'icmp',
      action => 'accept',
    }
  }
post.pp (final line of iptables):

  class custom_firewall::post {
    # Override the class-level default so this rule is the last one.
    firewall { '999 drop all':
      proto  => 'all',
      action => 'drop',
      before => undef,
    }
  }
Now, import the classes into Foreman. Under the custom_firewall class, set
the $firewall_data param to YAML. At this point you can pass in any
additional firewall rules via YAML, e.g.:

  "007 accept tcp tomcat requests":
    port:
      - "8080"
      - "8009"
      - "8999"
    proto: tcp
    action: accept
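Because create_resources passes whatever Foreman hands over straight to the firewall type, and the ordering relies on the three-digit prefix (000 in pre.pp, 999 in post.pp), it is worth checking the hash before it reaches a Puppet run. This validator is an added example, not part of the original post; it works on the already-parsed hash (the YAML above embedded as a Python dict, with two deliberately bad rules), and the allowed action/proto values are an assumed conservative allowlist.

```python
import re

# Title must start with a 3-digit ordering prefix, e.g. "007 accept tcp tomcat requests".
TITLE_RE = re.compile(r"^(\d{3}) \S")
ALLOWED_ACTIONS = {"accept", "drop", "reject"}      # assumed allowlist
ALLOWED_PROTOS = {"tcp", "udp", "icmp", "all"}      # assumed allowlist

# Constructed sample: the rule from the post as create_resources would receive it,
# plus one rule that collides with pre.pp's 000 slot and one with bad values.
FIREWALL_DATA = {
    "007 accept tcp tomcat requests": {
        "port": ["8080", "8009", "8999"], "proto": "tcp", "action": "accept"},
    "000 accept everything": {"proto": "all", "action": "accept"},
    "500 bad rule": {"port": ["99999"], "proto": "tcp", "action": "allow"},
}


def check_rule(title, params):
    """Return a list of problems for one firewall resource (empty list means ok)."""
    problems = []
    m = TITLE_RE.match(title)
    if not m:
        return [f"{title!r}: title must start with a 3-digit order prefix"]
    prefix = int(m.group(1))
    # pre.pp owns 000 and post.pp owns 999; data rules must sort strictly between them.
    if not 0 < prefix < 999:
        problems.append(f"{title!r}: prefix {prefix:03d} would sort into pre/post space")
    if params.get("action") not in ALLOWED_ACTIONS:
        problems.append(f"{title!r}: action {params.get('action')!r} not allowed")
    if params.get("proto") not in ALLOWED_PROTOS:
        problems.append(f"{title!r}: proto {params.get('proto')!r} not allowed")
    for port in params.get("port", []):
        if not (str(port).isdigit() and 1 <= int(port) <= 65535):
            problems.append(f"{title!r}: port {port!r} is not in 1-65535")
    return problems


def check_firewall_data(data):
    """Validate the whole $firewall_data hash; returns all problems found."""
    if not isinstance(data, dict):
        return ["firewall_data must be a hash of title => parameters"]
    problems = []
    for title, params in data.items():
        problems.extend(check_rule(title, params or {}))
    return problems


if __name__ == "__main__":
    for problem in check_firewall_data(FIREWALL_DATA):
        print(problem)
```

Running it on the sample reports the 000 prefix collision, the unknown action and the out-of-range port, while the rule from the post passes.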
Hope this helps.