Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/bodgit/puppet-pf

Puppet Module for managing PF
https://github.com/bodgit/puppet-pf

openbsd pf puppet

Last synced: 3 days ago
JSON representation

Puppet Module for managing PF

Host: GitHub
URL: https://github.com/bodgit/puppet-pf
Owner: bodgit
License: apache-2.0
Created: 2018-06-20T07:30:24.000Z (over 6 years ago)
Default Branch: master
Last Pushed: 2018-06-21T17:35:37.000Z (over 6 years ago)
Last Synced: 2025-01-07T15:55:18.383Z (29 days ago)
Topics: openbsd, pf, puppet
Language: Ruby
Homepage: https://forge.puppetlabs.com/bodgit/pf
Size: 70.3 KB
Stars: 0
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- License: LICENSE

Awesome Lists containing this project

README

        # pf

Tested with Travis CI

[![Build Status](https://travis-ci.com/bodgit/puppet-pf.svg?branch=master)](https://travis-ci.com/bodgit/puppet-pf)

[![Coverage Status](https://coveralls.io/repos/bodgit/puppet-pf/badge.svg?branch=master&service=github)](https://coveralls.io/github/bodgit/puppet-pf?branch=master)

[![Puppet Forge](http://img.shields.io/puppetforge/v/bodgit/pf.svg)](https://forge.puppetlabs.com/bodgit/pf)

#### Table of Contents

1. [Description](#description)

2. [Setup - The basics of getting started with pf](#setup)

    * [Beginning with pf](#beginning-with-pf)

3. [Usage - Configuration options and additional functionality](#usage)

4. [Reference - An under-the-hood peek at what the module is doing and how](#reference)

5. [Limitations - OS compatibility, etc.](#limitations)

6. [Development - Guide for contributing to the module](#development)

## Description

This module manages the packet filter (pf) firewall primarily found on

OpenBSD. It manages the `/etc/pf.conf` configuration file containing the

firewall rules. It can also manage the user shell (authpf) used for

implementing an authenticating gateway.

OpenBSD is supported using Puppet 4.5.0 or later.

## Setup

### Beginning with pf

To use the default example ruleset:

```puppet

class { '::pf':

  source => '/etc/examples/pf.conf',

}

```

## Usage

To set up the authenticating gateway:

```puppet

include ::bsdauth

include ::bsdauth::authpf

class { '::pf':

  content => @(EOS/L),

    int_if="em0"

    ...

    ťable  persist

    ...

    anchor "authpf/*" in on $int_if

    ...

    | EOS

}

class { '::pf::authpf':

  rules => @(EOS/L),

    int_if="em0"

    ...

    pass in on $int_if inet from  to ! $int_if:network \

      keep state

    ...

    | EOS

}

group { 'alice':

  ensure => present,

}

user { 'alice':

  ensure     => present,

  gid        => 'alice',

  loginclass => 'authpf',

  managehome => true,

}

```

## Reference

The reference documentation is generated with

[puppet-strings](https://github.com/puppetlabs/puppet-strings) and the latest

version of the documentation is hosted at

[https://bodgit.github.io/puppet-pf/](https://bodgit.github.io/puppet-pf/).

## Limitations

This module has been built on and tested against Puppet 4.5.0 and higher.

The module has been tested on:

* OpenBSD 6.2/6.3

## Development

The module has both [rspec-puppet](http://rspec-puppet.com) and

[beaker-rspec](https://github.com/puppetlabs/beaker-rspec) tests. Run them

with:

```

$ bundle exec rake test

$ PUPPET_INSTALL_TYPE=agent PUPPET_INSTALL_VERSION=x.y.z bundle exec rake beaker:

```

Please log issues or pull requests at

[github](https://github.com/bodgit/puppet-pf).