Universal firewall abstraction module
- Description
- Setup - The basics of getting started with multiwall
- Usage - Configuration options and additional functionality
- Limitations - OS compatibility, etc.
- Development - Guide for contributing to the module
This module abstracts firewall resources based on the structure of resource declarations applied on puppetlabs/firewall
The module is designed with modularisation and expandability in mind. The thought is to abstract firewall resources to create a simple, agnostic, drop-in-replace set of resource types to be used in replacing the firewall and firewallchain resources provided by puppetlabs/firewall
The longer-term view is to allow for the relatively simple expansion adding other firewall types to the module, mapping content and features independently with rules defined in module hiera. Initially, the nftables conversion relies on defined types based on the resources offered by the Vox Pupuli nftables
Module dependencies currently exist for puppetlabs/firewall, puppet/nftables and their underlying dependencies. Any initial setup will require at least two Puppet runs for idempotency, as the first run sets up supported/expected firewall targets and the second applies proper rule enforcement.
Initial setup/configuation of multiwall itself can be done with a simple 'include' on the multiwall resource. The module will attempt to auto-resolve the underlying module choice, based on the default firewall for the OS-family and version.
include multiwallChains can then be defined using multiwall::chain resources:
multiwall::chain { 'INPUT:filter:IPv4':
ensure => present,
policy => drop,
before => undef,
}Include usage examples for common use cases in the Usage section. Show your users how to use your module to solve problems, and be sure to include code examples. Include three to five examples of the most important or common tasks a user can accomplish with your module. Show users how to accomplish more complex tasks that involve different types, classes, and functions working in tandem.
This section is deprecated. Instead, add reference information to your code as Puppet Strings comments, and then use Strings to generate a REFERENCE.md in your module. For details on how to add code comments and generate documentation with Strings, see the Puppet Strings documentation and style guide.
If you aren't ready to use Strings yet, manually create a REFERENCE.md in the root of your module directory and list out each of your module's classes, defined types, facts, functions, Puppet tasks, task plans, and resource types and providers, along with the parameters for each.
For each element (class, defined type, function, and so on), list:
- The data type, if applicable.
- A description of what the element does.
- Valid values, if the data type doesn't make it obvious.
- Default value, if any.
For example:
### `pet::cat`
#### Parameters
##### `meow`
Enables vocalization in your cat. Valid options: 'string'.
Default: 'medium-loud'.
In the Limitations section, list any incompatibilities, known issues, or other warnings.
In the Development section, tell other users the ground rules for contributing to your project and how they should submit their work.
If you aren't using changelog, put your release notes here (though you should
consider using changelog). You can also add any additional sections you feel are
necessary or important to include here. Please use the ## header.