@linuxmail
Forked from pmoranga/puppet-firewall-docker.pp
Created December 19, 2022 11:49
Make puppetlabs-firewall work with Docker smoothly
class my_fw::pre {
  # Disabled: a global purge would override the selective per-chain purges below
  # resources { "firewall":
  #   purge => true
  # }

  # Avoid removing Docker rules.
  # Each 'ignore' entry is a regex matched against the rule as shown by
  # iptables-save; matching unmanaged rules are exempt from purging.
  firewallchain { 'FORWARD:filter:IPv4':
    purge  => true,
    ignore => [ 'docker' ],
  }

  # Chains owned by Docker: never purge them
  firewallchain { 'DOCKER:filter:IPv4':
    purge => false,
  }
  firewallchain { 'DOCKER:nat:IPv4':
    purge => false,
  }

  # Keep Docker's NAT rules for the docker0 bridge and the 172.17 network
  firewallchain { 'POSTROUTING:nat:IPv4':
    purge  => true,
    ignore => [ 'docker', '172.17' ],
  }
  firewallchain { 'PREROUTING:nat:IPv4':
    purge  => true,
    ignore => [ 'DOCKER' ],
  }

  # Ensure input rules are cleaned out
  firewallchain { 'INPUT:filter:IPv4':
    ensure => present,
    purge  => true,
  }

  # Block whatever.....
}
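
To check what these `ignore` patterns actually protect, the following added example (not part of the gist) models the purge decision in Ruby. It assumes each `ignore` entry is a case-sensitive regex tested against the rule's `iptables-save` line and that none of the listed rules is managed by Puppet; the rule lines are constructed samples and `purge_plan` is a hypothetical helper name.

```ruby
# Added example: which unmanaged rules would a purging firewallchain remove?
# Assumption: a rule is kept when any `ignore` entry, used as a case-sensitive
# regex, matches its iptables-save line. Every sample rule is unmanaged.

# `ignore` values copied from the manifest above, keyed by chain title.
IGNORE = {
  'FORWARD:filter:IPv4'  => ['docker'],
  'POSTROUTING:nat:IPv4' => ['docker', '172.17'],
  'PREROUTING:nat:IPv4'  => ['DOCKER'],
  'INPUT:filter:IPv4'    => []
}.freeze

# Constructed sample input, modelled on rules Docker commonly installs.
SAMPLE_SAVE = <<~RULES
  *filter
  -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
  -A FORWARD -j DOCKER-USER
  -A FORWARD -j DOCKER-ISOLATION-STAGE-1
  -A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  -A FORWARD -o docker0 -j DOCKER
  -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  COMMIT
  *nat
  -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  -A POSTROUTING -s 172.18.0.0/16 ! -o br-0a1b2c3d4e5f -j MASQUERADE
  COMMIT
RULES

# Sort every "-A CHAIN ..." line into :kept, :purged or :skipped, where
# :skipped means the chain is not purged by the manifest at all.
def purge_plan(save_text, ignore = IGNORE)
  table = nil
  plan = { kept: [], purged: [], skipped: [] }
  save_text.each_line(chomp: true) do |line|
    if line.start_with?('*')
      table = line[1..]                       # "*nat" -> "nat"
    elsif (m = line.match(/\A-A (\S+) /))
      patterns = ignore["#{m[1]}:#{table}:IPv4"]
      bucket = if patterns.nil? then :skipped
               elsif patterns.any? { |p| line.match?(Regexp.new(p)) } then :kept
               else :purged
               end
      plan[bucket] << line
    end
  end
  plan
end

purge_plan(SAMPLE_SAVE)[:purged].each { |l| puts "would purge: #{l}" } if __FILE__ == $PROGRAM_NAME
```

With the sample input, the lowercase `docker` pattern keeps the `docker0` rules but not the `-j DOCKER-USER` and `-j DOCKER-ISOLATION-STAGE-1` jumps, and the `172.17` pattern does not cover the second bridge network. Feeding the function real `iptables-save` output from a Docker host shows which unmanaged rules would not survive a Puppet run.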