Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/gongo/itamae-plugin-resource-firewalld
Itamae resource plugin to manage firewalld
https://github.com/gongo/itamae-plugin-resource-firewalld
Last synced: about 4 hours ago
JSON representation
Itamae resource plugin to manage firewalld
- Host: GitHub
- URL: https://github.com/gongo/itamae-plugin-resource-firewalld
- Owner: gongo
- License: mit
- Created: 2014-12-20T11:56:08.000Z (almost 10 years ago)
- Default Branch: master
- Last Pushed: 2015-10-03T05:20:49.000Z (about 9 years ago)
- Last Synced: 2024-11-06T09:39:34.098Z (2 days ago)
- Language: Ruby
- Size: 251 KB
- Stars: 11
- Watchers: 2
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
Awesome Lists containing this project
README
# Itamae::Plugin::Resource::Firewalld
[Itamae](https://github.com/ryotarai/itamae) resource plugin to manage [firewalld](https://fedorahosted.org/firewalld/).
[](https://travis-ci.org/gongo/itamae-plugin-resource-firewalld)
[](https://coveralls.io/r/gongo/itamae-plugin-resource-firewalld?branch=master)
[](https://codeclimate.com/github/gongo/itamae-plugin-resource-firewalld)
## Usage
```ruby
service 'firewalld' do
action [:start, :enable]
end
firewalld_zone 'external' do
interfaces %w(enp0s8 enp0s9)
services %w(ssh)
masquerade true
notifies :restart, 'service[firewalld]'
end
firewalld_zone 'public' do
interfaces %w(enp0s3)
services %w(ssh https mysql)
ports %w(8080/tcp 4243/udp)
default_zone true
notifies :restart, 'service[firewalld]'
end
```
After `itamae` execute:
```
$ sudo firewall-cmd --list-all --zone external
external (active)
interfaces: enp0s8 enp0s9
sources:
services: ssh
ports:
masquerade: yes
forward-ports:
icmp-blocks:
rich rules:
$ sudo firewall-cmd --list-all --zone public
public (default, active)
interfaces: enp0s3
sources:
services: https mysql ssh
ports: 4243/udp 8080/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
```
### See also
Demonstration environment [examples](./examples)
## Installation
Add this line to your application's Gemfile:
```ruby
gem 'itamae-plugin-resource-firewalld'
```
And then execute:
$ bundle
Or install it yourself as:
$ gem install itamae-plugin-resource-firewalld
## Features
### firewalld_zone
Provides a `firewalld_zone` resource that operation of `Zone`:
```ruby
firewalld_zone 'zone_name' do
name # [String]
interfaces # [Array of string]
sources # [Array of string]
services # [Array of string]
ports # [Array of string]
forward_ports # [Array of string]
icmp_blocks # [Array of string]
rich_rules # [Array of string]
masquerade # [True / False]
default_zone # [True] Ignored other
end
```
### firewalld_service
Provides a `firewalld_service` resource that can create or delete of `Service`:
```ruby
firewalld_service 'my-service' do
action # [:create or :delete]
short # [String]
description # [String]
ports # [Array of String]
module_name # [String]
to_ipv4 # [String]
to_ipv6 # [String]
end
```
After `itamae` execute, `/etc/firewalld/service/my-service.xml` is created.
## IMPORTANT
`itamae-plugin-resource-firewalld`'s resource performs the processing `firewall-cmd` with [--permanent](http://fedoraproject.org/wiki/FirewallD#Permanent_zone_handling) .
## TODO
Unimplemented:
- Add a new `zone` and `icmptype` resource
- Operation of `Direct`, `Lockdown`
- Etc...
I'll be waiting for your pull request :bow:
## Contributing
1. Fork it ( https://github.com/gongo/itamae-plugin-resource-firewalld/fork )
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create a new Pull Request