16.48. cdist-type__firewalld_rule(7)¶
16.48.1. NAME¶
cdist-type__firewalld_rule - Configure firewalld rules
16.48.2. DESCRIPTION¶
This cdist type allows you to manage rules in firewalld using the direct way (i.e. no zone support).
16.48.3. REQUIRED PARAMETERS¶
- rule
- The rule to apply. Essentially an firewalld command line without firewalld in front of it.
- protocol
- Either ipv4, ipv4 or eb. See firewall-cmd(1)
- table
- The table to use (like filter or nat). See firewall-cmd(1).
- chain
- The chain to use (like INPUT_direct or FORWARD_direct). See firewall-cmd(1).
- priority
- The priority to use (0 is topmost). See firewall-cmd(1).
16.48.4. OPTIONAL PARAMETERS¶
- state
- 'present' or 'absent', defaults to 'present'
16.48.5. EXAMPLES¶
# Allow access from entrance.place4.ungleich.ch
__firewalld_rule entrance \
--protocol ipv4 \
--table filter \
--chain INPUT_direct \
--priority 0 \
--rule '-s entrance.place4.ungleich.ch -j ACCEPT'
# Allow forwarding of traffic from br0
__firewalld_rule vm-forward --protocol ipv4 \
--table filter \
--chain FORWARD_direct \
--priority 0 \
--rule '-i br0 -j ACCEPT'
# Ensure old rule is absent - warning, the rule part must stay the same!
__firewalld_rule vm-forward
--protocol ipv4 \
--table filter \
--chain FORWARD_direct \
--priority 0 \
--rule '-i br0 -j ACCEPT' \
--state absent
16.48.6. SEE ALSO¶
cdist-type__iptables_rule(7), firewalld(8)
16.48.7. AUTHORS¶
Nico Schottelius <nico-cdist--@--schottelius.org>
16.48.8. COPYING¶
Copyright (C) 2015 Nico Schottelius. You can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.