cdist-type__firewalld_rule - Man Page
Configure firewalld rules
Description
This cdist type allows you to manage rules in firewalld using the direct interface (i.e. no zone support).
Required Parameters
- rule
The rule to apply. Essentially a firewalld command line without firewalld in front of it.
- protocol
Either ipv4, ipv6 or eb. See firewall-cmd(1).
- table
The table to use (like filter or nat). See firewall-cmd(1).
- chain
The chain to use (like INPUT_direct or FORWARD_direct). See firewall-cmd(1).
- priority
The priority to use (0 is topmost). See firewall-cmd(1).
Optional Parameters
- state
'present' or 'absent', defaults to 'present'.
Examples
# Allow access from entrance.place4.ungleich.ch
__firewalld_rule entrance \
    --protocol ipv4 \
    --table filter \
    --chain INPUT_direct \
    --priority 0 \
    --rule '-s entrance.place4.ungleich.ch -j ACCEPT'

# Allow forwarding of traffic from br0
__firewalld_rule vm-forward --protocol ipv4 \
    --table filter \
    --chain FORWARD_direct \
    --priority 0 \
    --rule '-i br0 -j ACCEPT'

# Ensure old rule is absent - warning, the rule part must stay the same!
__firewalld_rule vm-forward --protocol ipv4 \
    --table filter \
    --chain FORWARD_direct \
    --priority 0 \
    --rule '-i br0 -j ACCEPT' \
    --state absent
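The parameters above line up with the positional arguments of the firewall-cmd(1) direct options (protocol, table, chain, priority, then the rule arguments). The sketch below is an added illustration, not cdist's own code: the function names direct_rule_cmd and plan_rule are hypothetical, the use of --permanent is an assumption, and it only prints the firewall-cmd lines that would check, add or remove a rule, which shows why --state absent needs the rule text unchanged.

```sh
#!/bin/sh
# Added illustration (not cdist's code). Function names are hypothetical.
# Nothing is executed: each function only prints a firewall-cmd(1) line.

# direct_rule_cmd ACTION PROTOCOL TABLE CHAIN PRIORITY RULE
# ACTION: query | add | remove
direct_rule_cmd() {
    action=$1 protocol=$2 table=$3 chain=$4 priority=$5 rule=$6
    case $action in
        query|add|remove) ;;
        *) echo "bad action: $action" >&2; return 1 ;;
    esac
    case $protocol in
        ipv4|ipv6|eb) ;;
        *) echo "bad protocol: $protocol" >&2; return 1 ;;
    esac
    # Assumption of this sketch: only non-negative integers are accepted.
    case $priority in
        ''|*[!0-9]*) echo "bad priority: $priority" >&2; return 1 ;;
    esac
    if [ -z "$table" ] || [ -z "$chain" ] || [ -z "$rule" ]; then
        echo "table, chain and rule are required" >&2; return 1
    fi
    # The rule text is part of the identity of a direct rule: query and
    # remove only match when all five fields are identical to what was added.
    printf 'firewall-cmd --permanent --direct --%s-rule %s %s %s %s %s\n' \
        "$action" "$protocol" "$table" "$chain" "$priority" "$rule"
}

# plan_rule STATE IS_PRESENT PROTOCOL TABLE CHAIN PRIORITY RULE
# IS_PRESENT (yes|no) stands for the result of the query command above.
plan_rule() {
    state=$1 is_present=$2
    shift 2
    case "$state:$is_present" in
        present:no)  direct_rule_cmd add "$@" ;;
        absent:yes)  direct_rule_cmd remove "$@" ;;
        present:yes|absent:no) : ;;   # already in the wanted state
        *) echo "bad state/presence: $state/$is_present" >&2; return 1 ;;
    esac
}

# Constructed demo using the page's vm-forward example.
direct_rule_cmd query ipv4 filter FORWARD_direct 0 '-i br0 -j ACCEPT'
plan_rule absent yes ipv4 filter FORWARD_direct 0 '-i br0 -j ACCEPT'
```

Running the printed query line on the target and reading its exit status is a quick way to confirm that a rule is actually present before or after a cdist run.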
See Also
cdist-type__iptables_rule(7), firewalld(8)
Authors
Nico Schottelius <nico-cdist--@--schottelius.org>
Copying
Copyright (C) 2015 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
Copyright
ungleich GmbH 2021