Uploaded image for project: 'Modules'
  1. Modules
  2. MODULES-9848

firewall : guess provider type using Stdlib::IP::Address::V6

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Normal
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Template:
    • QA Risk Assessment:
      Needs Assessment

      Description

      Module Version: 2.0.0
      Puppet Version: 6.8
      OS Name/Version: CentOS 7 / Ubuntu 18.04

      I have an array of IPv4 and IPv6 addresses, and in order to iterate the items I am forced to use a similar snippet:  

      $trusted_networks.each | String $source | {
        if $source =~ Stdlib::IP::Address::V6 { $provider = 'ip6tables' } else { $provider = 'iptables' }
        firewall { "200 allow inbound to HTTP, HTTPS for ${provider} from ${source}":
          action   => accept,
          provider => $provider,
          chain    => 'INPUT',
          source   => $source,
          dport    => [80,443],
          proto    => tcp;
        }
      }
      

       
      Desired Behavior:

      When provider is not specified the module defaults to IPv4. 

      Instead of defaulting to IPv4, you could use stdlib function to determine the IP type. 

      At this point, I could use firewall_multi (which will take care of iterating) and the above code will become much cleaner: 

      firewall_multi { '200 allow inbound to HTTP, HTTPS':
        action => accept,
        chain  => 'INPUT',
        source => $trusted_networks,
        dport  => [80,443],
        proto  => tcp;

       

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            maxadamo Massimiliano Adamo
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:

                Zendesk Support