diff --git a/REFERENCE.md b/REFERENCE.md
index ccc5a3b2..4232555e 100644
--- a/REFERENCE.md
+++ b/REFERENCE.md
@@ -7,12 +7,8 @@
### Classes
* [`firewalld`](#firewalld): Manage the firewalld service
-* [`firewalld::reload`](#firewalldreload): A common point for triggering an intermediary firewalld reload using firewall-cmd
-* [`firewalld::reload::complete`](#firewalldreloadcomplete): A common point for triggering an intermediary firewalld full reload using firewall-cmd
-
-### Defined types
-
-* [`firewalld::custom_service`](#firewalldcustom_service): Creates a new service definition for use in firewalld
+* [`firewalld::reload`](#firewalld--reload): A common point for triggering an intermediary firewalld reload using firewall-cmd
+* [`firewalld::reload::complete`](#firewalld--reload--complete): A common point for triggering an intermediary firewalld full reload using firewall-cmd
### Resource types
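Review bot: The index anchors change format in this hunk (`#firewalldreload` becomes `#firewalld--reload`, and the parameter anchors further down gain a `#-firewalld--` prefix), so any existing deep links into REFERENCE.md that use the old fragment style will stop resolving. Check the README and other docs in the repository for old-style fragments before merging. The same hunk drops the whole "Defined types" index section, which should be called out in the changelog as a user-visible removal rather than arriving only through a docs regeneration.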
@@ -30,7 +26,7 @@
### Functions
-* [`firewalld::safe_filename`](#firewalldsafe_filename): Returns a string that is safe for firewalld filenames
+* [`firewalld::safe_filename`](#firewalld--safe_filename): Returns a string that is safe for firewalld filenames
## Classes
@@ -65,40 +61,40 @@ Copyright 2015 Craig Dunn
The following parameters are available in the `firewalld` class:
-* [`package_ensure`](#package_ensure)
-* [`package`](#package)
-* [`service_ensure`](#service_ensure)
-* [`config_package`](#config_package)
-* [`install_gui`](#install_gui)
-* [`service_enable`](#service_enable)
-* [`zones`](#zones)
-* [`policies`](#policies)
-* [`ports`](#ports)
-* [`services`](#services)
-* [`rich_rules`](#rich_rules)
-* [`custom_services`](#custom_services)
-* [`ipsets`](#ipsets)
-* [`direct_rules`](#direct_rules)
-* [`direct_chains`](#direct_chains)
-* [`direct_passthroughs`](#direct_passthroughs)
-* [`purge_direct_rules`](#purge_direct_rules)
-* [`purge_direct_chains`](#purge_direct_chains)
-* [`purge_direct_passthroughs`](#purge_direct_passthroughs)
-* [`purge_unknown_ipsets`](#purge_unknown_ipsets)
-* [`default_zone`](#default_zone)
-* [`log_denied`](#log_denied)
-* [`cleanup_on_exit`](#cleanup_on_exit)
-* [`zone_drifting`](#zone_drifting)
-* [`minimal_mark`](#minimal_mark)
-* [`lockdown`](#lockdown)
-* [`individual_calls`](#individual_calls)
-* [`ipv6_rpfilter`](#ipv6_rpfilter)
-* [`firewall_backend`](#firewall_backend)
-* [`default_service_zone`](#default_service_zone)
-* [`default_port_zone`](#default_port_zone)
-* [`default_port_protocol`](#default_port_protocol)
-
-##### `package_ensure`
+* [`package_ensure`](#-firewalld--package_ensure)
+* [`package`](#-firewalld--package)
+* [`service_ensure`](#-firewalld--service_ensure)
+* [`config_package`](#-firewalld--config_package)
+* [`install_gui`](#-firewalld--install_gui)
+* [`service_enable`](#-firewalld--service_enable)
+* [`zones`](#-firewalld--zones)
+* [`policies`](#-firewalld--policies)
+* [`ports`](#-firewalld--ports)
+* [`services`](#-firewalld--services)
+* [`rich_rules`](#-firewalld--rich_rules)
+* [`custom_services`](#-firewalld--custom_services)
+* [`ipsets`](#-firewalld--ipsets)
+* [`direct_rules`](#-firewalld--direct_rules)
+* [`direct_chains`](#-firewalld--direct_chains)
+* [`direct_passthroughs`](#-firewalld--direct_passthroughs)
+* [`purge_direct_rules`](#-firewalld--purge_direct_rules)
+* [`purge_direct_chains`](#-firewalld--purge_direct_chains)
+* [`purge_direct_passthroughs`](#-firewalld--purge_direct_passthroughs)
+* [`purge_unknown_ipsets`](#-firewalld--purge_unknown_ipsets)
+* [`default_zone`](#-firewalld--default_zone)
+* [`log_denied`](#-firewalld--log_denied)
+* [`cleanup_on_exit`](#-firewalld--cleanup_on_exit)
+* [`zone_drifting`](#-firewalld--zone_drifting)
+* [`minimal_mark`](#-firewalld--minimal_mark)
+* [`lockdown`](#-firewalld--lockdown)
+* [`individual_calls`](#-firewalld--individual_calls)
+* [`ipv6_rpfilter`](#-firewalld--ipv6_rpfilter)
+* [`firewall_backend`](#-firewalld--firewall_backend)
+* [`default_service_zone`](#-firewalld--default_service_zone)
+* [`default_port_zone`](#-firewalld--default_port_zone)
+* [`default_port_protocol`](#-firewalld--default_port_protocol)
+
+##### `package_ensure`
Data type: `Enum['present','absent','latest','installed']`
@@ -106,7 +102,7 @@ Data type: `Enum['present','absent','latest','installed']`
Default value: `'installed'`
-##### `package`
+##### `package`
Data type: `String`
@@ -114,7 +110,7 @@ Data type: `String`
Default value: `'firewalld'`
-##### `service_ensure`
+##### `service_ensure`
Data type: `Stdlib::Ensure::Service`
@@ -122,7 +118,7 @@ Data type: `Stdlib::Ensure::Service`
Default value: `'running'`
-##### `config_package`
+##### `config_package`
Data type: `String`
@@ -130,23 +126,23 @@ Data type: `String`
Default value: `'firewall-config'`
-##### `install_gui`
+##### `install_gui`
Data type: `Boolean`
-Default value: ``false``
+Default value: `false`
-##### `service_enable`
+##### `service_enable`
Data type: `Boolean`
-Default value: ``true``
+Default value: `true`
-##### `zones`
+##### `zones`
Data type: `Hash`
@@ -154,7 +150,7 @@ Data type: `Hash`
Default value: `{}`
-##### `policies`
+##### `policies`
Data type: `Hash`
@@ -162,7 +158,7 @@ Data type: `Hash`
Default value: `{}`
-##### `ports`
+##### `ports`
Data type: `Hash`
@@ -170,7 +166,7 @@ Data type: `Hash`
Default value: `{}`
-##### `services`
+##### `services`
Data type: `Hash`
@@ -178,7 +174,7 @@ Data type: `Hash`
Default value: `{}`
-##### `rich_rules`
+##### `rich_rules`
Data type: `Hash`
@@ -186,7 +182,7 @@ Data type: `Hash`
Default value: `{}`
-##### `custom_services`
+##### `custom_services`
Data type: `Hash`
@@ -194,7 +190,7 @@ Data type: `Hash`
Default value: `{}`
-##### `ipsets`
+##### `ipsets`
Data type: `Hash`
@@ -202,7 +198,7 @@ Data type: `Hash`
Default value: `{}`
-##### `direct_rules`
+##### `direct_rules`
Data type: `Hash`
@@ -210,7 +206,7 @@ Data type: `Hash`
Default value: `{}`
-##### `direct_chains`
+##### `direct_chains`
Data type: `Hash`
@@ -218,7 +214,7 @@ Data type: `Hash`
Default value: `{}`
-##### `direct_passthroughs`
+##### `direct_passthroughs`
Data type: `Hash`
@@ -226,260 +222,142 @@ Data type: `Hash`
Default value: `{}`
-##### `purge_direct_rules`
+##### `purge_direct_rules`
Data type: `Boolean`
-Default value: ``false``
+Default value: `false`
-##### `purge_direct_chains`
+##### `purge_direct_chains`
Data type: `Boolean`
-Default value: ``false``
+Default value: `false`
-##### `purge_direct_passthroughs`
+##### `purge_direct_passthroughs`
Data type: `Boolean`
-Default value: ``false``
+Default value: `false`
-##### `purge_unknown_ipsets`
+##### `purge_unknown_ipsets`
Data type: `Boolean`
-Default value: ``false``
+Default value: `false`
-##### `default_zone`
+##### `default_zone`
Data type: `Optional[String]`
-Default value: ``undef``
+Default value: `undef`
-##### `log_denied`
+##### `log_denied`
Data type: `Optional[Enum['off','all','unicast','broadcast','multicast']]`
-Default value: ``undef``
+Default value: `undef`
-##### `cleanup_on_exit`
+##### `cleanup_on_exit`
Data type: `Optional[Enum['yes', 'no']]`
-Default value: ``undef``
+Default value: `undef`
-##### `zone_drifting`
+##### `zone_drifting`
Data type: `Optional[Enum['yes', 'no']]`
-Default value: ``undef``
+Default value: `undef`
-##### `minimal_mark`
+##### `minimal_mark`
Data type: `Optional[Integer]`
-Default value: ``undef``
+Default value: `undef`
-##### `lockdown`
+##### `lockdown`
Data type: `Optional[Enum['yes', 'no']]`
-Default value: ``undef``
+Default value: `undef`
-##### `individual_calls`
+##### `individual_calls`
Data type: `Optional[Enum['yes', 'no']]`
-Default value: ``undef``
+Default value: `undef`
-##### `ipv6_rpfilter`
+##### `ipv6_rpfilter`
Data type: `Optional[Enum['yes', 'no']]`
-Default value: ``undef``
+Default value: `undef`
-##### `firewall_backend`
+##### `firewall_backend`
Data type: `Optional[Enum['iptables', 'nftables']]`
-Default value: ``undef``
+Default value: `undef`
-##### `default_service_zone`
+##### `default_service_zone`
Data type: `Optional[String]`
-Default value: ``undef``
+Default value: `undef`
-##### `default_port_zone`
+##### `default_port_zone`
Data type: `Optional[String]`
-Default value: ``undef``
+Default value: `undef`
-##### `default_port_protocol`
+##### `default_port_protocol`
Data type: `Optional[String]`
-Default value: ``undef``
+Default value: `undef`
-### `firewalld::reload`
+### `firewalld::reload`
A common point for triggering an intermediary firewalld reload using firewall-cmd
-### `firewalld::reload::complete`
+### `firewalld::reload::complete`
A common point for triggering an intermediary firewalld full reload using firewall-cmd
-## Defined types
-
-### `firewalld::custom_service`
-
-**DEPRECATED**: Please use the `firewalld_custom_service` native type moving forward
-
-This defined type will be removed in a future release
-
-Andrew Patik
-Trevor Vaughan
-
-#### Examples
-
-#####
-
-```puppet
-
-firewalld::custom_service{'My Custom Service':
- short => 'MyService',
- description => 'My Custom Service is a daemon that does whatever',
- port => [
- {
- 'port' => '1234'
- 'protocol' => 'tcp'
- },
- {
- 'port' => '1234'
- 'protocol' => 'udp'
- },
- ],
- module => ['nf_conntrack_netbios_ns'],
- destination => {
- 'ipv4' => '127.0.0.1',
- 'ipv6' => '::1'
- }
-}
-```
-
-#### Parameters
-
-The following parameters are available in the `firewalld::custom_service` defined type:
-
-* [`short`](#short)
-* [`description`](#description)
-* [`port`](#port)
-* [`module`](#module)
-* [`destination`](#destination)
-* [`filename`](#filename)
-* [`config_dir`](#config_dir)
-* [`ensure`](#ensure)
-
-##### `short`
-
-Data type: `String`
-
-
-
-Default value: `$name`
-
-##### `description`
-
-Data type: `Optional[String]`
-
-
-
-Default value: ``undef``
-
-##### `port`
-
-Data type: `Optional[Array[Hash]]`
-
-
-
-Default value: ``undef``
-
-##### `module`
-
-Data type: `Optional[Array[String]]`
-
-
-
-Default value: ``undef``
-
-##### `destination`
-
-Data type: `Optional[Hash[
- Enum['ipv4', 'ipv6'],
- String
- ]]`
-
-
-
-Default value: ``undef``
-
-##### `filename`
-
-Data type: `String`
-
-
-
-Default value: `$short`
-
-##### `config_dir`
-
-Data type: `Stdlib::Unixpath`
-
-
-
-Default value: `'/etc/firewalld/services'`
-
-##### `ensure`
-
-Data type: `Enum['present','absent']`
-
-
-
-Default value: `'present'`
-
## Resource types
### `firewalld_custom_service`
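Review bot: The `firewalld::custom_service` defined type disappears from the reference at the end of this hunk, but the `custom_services` parameter is still listed on the `firewalld` class with no description of what it now creates. The removed text only said the type "will be removed in a future release", so please add a migration note pointing at `firewalld_custom_service` and confirm that each removed parameter (`short`, `description`, `port`, `module`, `destination`, `filename`, `config_dir`, `ensure`) has an equivalent on the native type. `config_dir` in particular let callers write outside `/etc/firewalld/services`, and manifests that set it need to know what happens now.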
@@ -560,10 +438,10 @@ The short description of the service
The following parameters are available in the `firewalld_custom_service` type.
-* [`name`](#name)
-* [`provider`](#provider)
+* [`name`](#-firewalld_custom_service--name)
+* [`provider`](#-firewalld_custom_service--provider)
-##### `name`
+##### `name`
Valid values: `%r{.+}`
@@ -571,7 +449,7 @@ namevar
The target filename of the resource (without the .xml suffix)
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_custom_service` resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
@@ -605,12 +483,12 @@ Default value: `present`
The following parameters are available in the `firewalld_direct_chain` type.
-* [`inet_protocol`](#inet_protocol)
-* [`name`](#name)
-* [`provider`](#provider)
-* [`table`](#table)
+* [`inet_protocol`](#-firewalld_direct_chain--inet_protocol)
+* [`name`](#-firewalld_direct_chain--name)
+* [`provider`](#-firewalld_direct_chain--provider)
+* [`table`](#-firewalld_direct_chain--table)
-##### `inet_protocol`
+##### `inet_protocol`
Valid values: `ipv4`, `ipv6`
@@ -620,16 +498,16 @@ Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)
Default value: `ipv4`
-##### `name`
+##### `name`
Name of the chain eg: LOG_DROPS
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_direct_chain` resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
-##### `table`
+##### `table`
namevar
@@ -669,17 +547,17 @@ Default value: `present`
The following parameters are available in the `firewalld_direct_passthrough` type.
-* [`args`](#args)
-* [`inet_protocol`](#inet_protocol)
-* [`provider`](#provider)
+* [`args`](#-firewalld_direct_passthrough--args)
+* [`inet_protocol`](#-firewalld_direct_passthrough--inet_protocol)
+* [`provider`](#-firewalld_direct_passthrough--provider)
-##### `args`
+##### `args`
namevar
Name of the passthroughhrough to add (e.g: -A OUTPUT -j OUTPUT_filter)
-##### `inet_protocol`
+##### `inet_protocol`
Valid values: `ipv4`, `ipv6`
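Review bot: The `args` description in this hunk still reads "Name of the passthroughhrough to add". Since the file is being regenerated anyway, fix the typo in the type's doc string so it does not survive another release. It would also help to say that `args` is passed to the backend as raw command-line arguments, since the example value (`-A OUTPUT -j OUTPUT_filter`) is the only hint of that.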
@@ -687,7 +565,7 @@ Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)
Default value: `ipv4`
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_direct_passthrough` resource. You will seldom need to specify this ---
Puppet will usually discover the appropriate provider for your platform.
@@ -718,11 +596,11 @@ Default value: `purged`
The following parameters are available in the `firewalld_direct_purge` type.
-* [`name`](#name)
-* [`provider`](#provider)
-* [`purge`](#purge)
+* [`name`](#-firewalld_direct_purge--name)
+* [`provider`](#-firewalld_direct_purge--provider)
+* [`purge`](#-firewalld_direct_purge--purge)
-##### `name`
+##### `name`
Valid values: `chain`, `passthrough`, `rule`
@@ -730,17 +608,17 @@ namevar
Type of resource to purge, valid values are 'chain', 'passthrough' and 'rule'
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_direct_purge` resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
-##### `purge`
+##### `purge`
-Valid values: ``true``, ``false``
+Valid values: `true`, `false`
-Default value: ``true``
+Default value: `true`
### `firewalld_direct_rule`
@@ -773,23 +651,23 @@ Default value: `present`
The following parameters are available in the `firewalld_direct_rule` type.
-* [`args`](#args)
-* [`chain`](#chain)
-* [`inet_protocol`](#inet_protocol)
-* [`name`](#name)
-* [`priority`](#priority)
-* [`provider`](#provider)
-* [`table`](#table)
+* [`args`](#-firewalld_direct_rule--args)
+* [`chain`](#-firewalld_direct_rule--chain)
+* [`inet_protocol`](#-firewalld_direct_rule--inet_protocol)
+* [`name`](#-firewalld_direct_rule--name)
+* [`priority`](#-firewalld_direct_rule--priority)
+* [`provider`](#-firewalld_direct_rule--provider)
+* [`table`](#-firewalld_direct_rule--table)
-##### `args`
+##### `args`
can be all iptables, ip6tables and ebtables command line arguments
-##### `chain`
+##### `chain`
Name of the chain type to add (e.g: INPUT, OUTPUT, FORWARD)
-##### `inet_protocol`
+##### `inet_protocol`
Valid values: `ipv4`, `ipv6`
@@ -797,22 +675,22 @@ Name of the TCP/IP protocol to use (e.g: ipv4, ipv6)
Default value: `ipv4`
-##### `name`
+##### `name`
namevar
Name of the rule resource in Puppet
-##### `priority`
+##### `priority`
The priority number of the rule (e.g: 0, 1, 2, ... 99)
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_direct_rule` resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
-##### `table`
+##### `table`
Name of the table type to add (e.g: filter, nat, mangle, raw)
@@ -870,36 +748,36 @@ Timeout in seconds before entries expiry. 0 means entry is permanent
The following parameters are available in the `firewalld_ipset` type.
-* [`manage_entries`](#manage_entries)
-* [`name`](#name)
-* [`options`](#options)
-* [`provider`](#provider)
-* [`type`](#type)
+* [`manage_entries`](#-firewalld_ipset--manage_entries)
+* [`name`](#-firewalld_ipset--name)
+* [`options`](#-firewalld_ipset--options)
+* [`provider`](#-firewalld_ipset--provider)
+* [`type`](#-firewalld_ipset--type)
-##### `manage_entries`
+##### `manage_entries`
-Valid values: ``true``, ``false``, `yes`, `no`
+Valid values: `true`, `false`, `yes`, `no`
Should we manage entries in this ipset or leave another process manage those entries
-Default value: ``true``
+Default value: `true`
-##### `name`
+##### `name`
namevar
Name of the IPset
-##### `options`
+##### `options`
Hash of options for the IPset, eg { 'family' => 'inet6' }
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_ipset` resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
-##### `type`
+##### `type`
Valid values: `bitmap:ip`, `bitmap:ip,mac`, `bitmap:port`, `hash:ip`, `hash:ip,mark`, `hash:ip,port`, `hash:ip,port,ip`, `hash:ip,port,net`, `hash:mac`, `hash:net`, `hash:net,iface`, `hash:net,net`, `hash:net,port`, `hash:net,port,net`, `list:set`
@@ -938,7 +816,7 @@ The following properties are available in the `firewalld_policy` type.
##### `egress_zones`
-Specify the egress zones for the policy
+Specify the egress zones for the policy as an array of strings
##### `ensure`
@@ -955,11 +833,11 @@ or an array of strings specifying multiple icmp types. Any blocks not specified
##### `ingress_zones`
-Specify the ingress zones for the policy
+Specify the ingress zones for the policy as an array of strings
##### `masquerade`
-Valid values: ``true``, ``false``
+Valid values: `true`, `false`
Can be set to true or false, specifies whether to add or remove masquerading from the policy
@@ -971,21 +849,21 @@ Default value: `-1`
##### `purge_ports`
-Valid values: ``false``, ``true``
+Valid values: `false`, `true`
When set to true any ports associated with this policy
that are not managed by Puppet will be removed.
##### `purge_rich_rules`
-Valid values: ``false``, ``true``
+Valid values: `false`, `true`
When set to true any rich_rules associated with this policy
that are not managed by Puppet will be removed.
##### `purge_services`
-Valid values: ``false``, ``true``
+Valid values: `false`, `true`
When set to true any services associated with this policy
that are not managed by Puppet will be removed.
@@ -998,32 +876,32 @@ Specify the target for the policy
The following parameters are available in the `firewalld_policy` type.
-* [`description`](#description)
-* [`name`](#name)
-* [`policy`](#policy)
-* [`provider`](#provider)
-* [`short`](#short)
+* [`description`](#-firewalld_policy--description)
+* [`name`](#-firewalld_policy--name)
+* [`policy`](#-firewalld_policy--policy)
+* [`provider`](#-firewalld_policy--provider)
+* [`short`](#-firewalld_policy--short)
-##### `description`
+##### `description`
Description of the policy to add
-##### `name`
+##### `name`
namevar
Name of the rule resource in Puppet
-##### `policy`
+##### `policy`
Name of the policy
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_policy` resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
-##### `short`
+##### `short`
Short description of the policy to add
@@ -1060,39 +938,39 @@ Default value: `present`
The following parameters are available in the `firewalld_port` type.
-* [`name`](#name)
-* [`policy`](#policy)
-* [`port`](#port)
-* [`protocol`](#protocol)
-* [`provider`](#provider)
-* [`zone`](#zone)
+* [`name`](#-firewalld_port--name)
+* [`policy`](#-firewalld_port--policy)
+* [`port`](#-firewalld_port--port)
+* [`protocol`](#-firewalld_port--protocol)
+* [`provider`](#-firewalld_port--provider)
+* [`zone`](#-firewalld_port--zone)
-##### `name`
+##### `name`
namevar
Name of the port resource in Puppet
-##### `policy`
+##### `policy`
Name of the policy to which you want to add the port, exactly one of zone and policy must be supplied
Default value: `unset`
-##### `port`
+##### `port`
Specify the element as a port
-##### `protocol`
+##### `protocol`
Specify the element as a protocol
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_port` resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
-##### `zone`
+##### `zone`
Name of the zone to which you want to add the port, exactly one of zone and policy must be supplied
@@ -1132,37 +1010,38 @@ Default value: `present`
The following parameters are available in the `firewalld_rich_rule` type.
-* [`action`](#action)
-* [`audit`](#audit)
-* [`dest`](#dest)
-* [`family`](#family)
-* [`forward_port`](#forward_port)
-* [`icmp_block`](#icmp_block)
-* [`icmp_type`](#icmp_type)
-* [`log`](#log)
-* [`masquerade`](#masquerade)
-* [`name`](#name)
-* [`policy`](#policy)
-* [`port`](#port)
-* [`protocol`](#protocol)
-* [`provider`](#provider)
-* [`raw_rule`](#raw_rule)
-* [`service`](#service)
-* [`source`](#source)
-* [`zone`](#zone)
-
-##### `action`
-
-
-##### `audit`
+* [`action`](#-firewalld_rich_rule--action)
+* [`audit`](#-firewalld_rich_rule--audit)
+* [`dest`](#-firewalld_rich_rule--dest)
+* [`family`](#-firewalld_rich_rule--family)
+* [`forward_port`](#-firewalld_rich_rule--forward_port)
+* [`icmp_block`](#-firewalld_rich_rule--icmp_block)
+* [`icmp_type`](#-firewalld_rich_rule--icmp_type)
+* [`log`](#-firewalld_rich_rule--log)
+* [`masquerade`](#-firewalld_rich_rule--masquerade)
+* [`name`](#-firewalld_rich_rule--name)
+* [`policy`](#-firewalld_rich_rule--policy)
+* [`port`](#-firewalld_rich_rule--port)
+* [`priority`](#-firewalld_rich_rule--priority)
+* [`protocol`](#-firewalld_rich_rule--protocol)
+* [`provider`](#-firewalld_rich_rule--provider)
+* [`raw_rule`](#-firewalld_rich_rule--raw_rule)
+* [`service`](#-firewalld_rich_rule--service)
+* [`source`](#-firewalld_rich_rule--source)
+* [`zone`](#-firewalld_rich_rule--zone)
+
+##### `action`
+
+
+##### `audit`
doc
-##### `dest`
+##### `dest`
Specify destination address, this can be a string of the IP address or a hash containing other options
-##### `family`
+##### `family`
Valid values: `ipv4`, `ipv6`
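Review bot: In the regenerated `firewalld_rich_rule` parameter section, `action` has an empty description and `audit` is documented only as "doc". Both control what a rich rule does with matching traffic and whether it is recorded, so they are the entries readers most need spelled out. Please fill in the doc strings on the type (accepted values and the hash form, if any) and regenerate, rather than shipping the placeholders next to the newly added `priority` entry.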
@@ -1170,66 +1049,70 @@ IP family, one of ipv4 or ipv6, defauts to ipv4
Default value: `ipv4`
-##### `forward_port`
+##### `forward_port`
Specify the element as forward-port
-##### `icmp_block`
+##### `icmp_block`
Specify the element as an icmp-block
-##### `icmp_type`
+##### `icmp_type`
Specify the element as an icmp-type
-##### `log`
+##### `log`
doc
-##### `masquerade`
+##### `masquerade`
Specify the element as masquerade
-##### `name`
+##### `name`
namevar
Name of the rule resource in Puppet
-##### `policy`
+##### `policy`
Name of the policy to attach the rich rule to, exactly one of zone and policy must be supplied
Default value: `unset`
-##### `port`
+##### `port`
Specify the element as a port
-##### `protocol`
+##### `priority`
+
+Rule priority, it can be in the range of -32768 to 32767
+
+##### `protocol`
Specify the element as a protocol
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_rich_rule` resource. You will seldom need to specify this --- Puppet
will usually discover the appropriate provider for your platform.
-##### `raw_rule`
+##### `raw_rule`
Manage the entire rule as one string - this is used
internally by firwalld_zone and firewalld_policy to handle
pruning of rules
-##### `service`
+##### `service`
Specify the element as a service
-##### `source`
+##### `source`
Specify source address, this can be a string of the IP address or a hash containing other options
-##### `zone`
+##### `zone`
Name of the zone to attach the rich rule to, exactly one of zone and policy must be supplied
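Review bot: The new `priority` entry gives only the range ("-32768 to 32767"); it does not state the default or whether lower or higher values are evaluated first, which is exactly what someone ordering a deny rule against an allow rule needs to know. Please add both to the type's doc string. In the same hunk, `log` is still described only as "doc" and the `raw_rule` text has the typo "firwalld_zone"; both are worth fixing at the source while this is being regenerated.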
@@ -1273,34 +1156,34 @@ Default value: `present`
The following parameters are available in the `firewalld_service` type.
-* [`name`](#name)
-* [`policy`](#policy)
-* [`provider`](#provider)
-* [`service`](#service)
-* [`zone`](#zone)
+* [`name`](#-firewalld_service--name)
+* [`policy`](#-firewalld_service--policy)
+* [`provider`](#-firewalld_service--provider)
+* [`service`](#-firewalld_service--service)
+* [`zone`](#-firewalld_service--zone)
-##### `name`
+##### `name`
namevar
Name of the service resource in Puppet
-##### `policy`
+##### `policy`
Name of the policy to which you want to add the service, exactly one of zone and policy must be supplied
Default value: `unset`
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_service` resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
-##### `service`
+##### `service`
Name of the service to add
-##### `zone`
+##### `zone`
Name of the zone to which you want to add the service, exactly one of zone and policy must be supplied
@@ -1315,18 +1198,19 @@ not work, and will generate an error. This is a limitation of firewalld itself,
#### Examples
-##### Create a zone called `restricted`
+##### Create a zone called `restricted` allowing only `echo-request` icmp types
```puppet
firewalld_zone { 'restricted':
- ensure => present,
- target => '%%REJECT%%',
- interfaces => [],
- sources => [],
- purge_rich_rules => true,
- purge_services => true,
- purge_ports => true,
- icmp_blocks => 'router-advertisement'
+ ensure => present,
+ target => '%%REJECT%%',
+ interfaces => [],
+ sources => [],
+ purge_rich_rules => true,
+ purge_services => true,
+ purge_ports => true,
+ icmp_blocks => 'echo-request'
+ icmp_block_inversion => true,
}
```
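Review bot: In the updated example, the `icmp_blocks => 'echo-request'` line has no trailing comma, so with `icmp_block_inversion => true,` added after it the manifest will not parse. Add the comma to the example in the type's documentation and regenerate. The example also changes meaning, from blocking `router-advertisement` to allowing only `echo-request`, so a one-line comment in the snippet saying that every other ICMP type is blocked would stop people copying it without realising how strict it is.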
@@ -1342,6 +1226,12 @@ The basic property that the resource should be in.
Default value: `present`
+##### `icmp_block_inversion`
+
+Valid values: `true`, `false`
+
+Can be set to true or false, specifies whether to set icmp_block_inversion from the zone
+
##### `icmp_blocks`
Specify the icmp-blocks for the zone. Can be a single string specifying one icmp type,
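Review bot: The description added for `icmp_block_inversion` ("specifies whether to set icmp_block_inversion from the zone") restates the property name without saying what it does. Suggest wording that says that, when true, the types listed in `icmp_blocks` are the ones allowed rather than the ones blocked, which is how the `restricted` example uses it. Also state the default, since a zone that silently flips between the two meanings is an easy way to end up with the opposite of the intended ICMP filtering.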
@@ -1353,27 +1243,27 @@ Specify the interfaces for the zone
##### `masquerade`
-Valid values: ``true``, ``false``
+Valid values: `true`, `false`
Can be set to true or false, specifies whether to add or remove masquerading from the zone
##### `purge_ports`
-Valid values: ``false``, ``true``
+Valid values: `false`, `true`
When set to true any ports associated with this zone
that are not managed by Puppet will be removed.
##### `purge_rich_rules`
-Valid values: ``false``, ``true``
+Valid values: `false`, `true`
When set to true any rich_rules associated with this zone
that are not managed by Puppet will be removed.
##### `purge_services`
-Valid values: ``false``, ``true``
+Valid values: `false`, `true`
When set to true any services associated with this zone
that are not managed by Puppet will be removed.
@@ -1390,38 +1280,38 @@ Specify the target for the zone
The following parameters are available in the `firewalld_zone` type.
-* [`description`](#description)
-* [`name`](#name)
-* [`provider`](#provider)
-* [`short`](#short)
-* [`zone`](#zone)
+* [`description`](#-firewalld_zone--description)
+* [`name`](#-firewalld_zone--name)
+* [`provider`](#-firewalld_zone--provider)
+* [`short`](#-firewalld_zone--short)
+* [`zone`](#-firewalld_zone--zone)
-##### `description`
+##### `description`
Description of the zone to add
-##### `name`
+##### `name`
namevar
Name of the rule resource in Puppet
-##### `provider`
+##### `provider`
The specific backend to use for this `firewalld_zone` resource. You will seldom need to specify this --- Puppet will
usually discover the appropriate provider for your platform.
-##### `short`
+##### `short`
Short description of the zone to add
-##### `zone`
+##### `zone`
Name of the zone
## Functions
-### `firewalld::safe_filename`
+### `firewalld::safe_filename`
Type: Puppet Language
@@ -1498,12 +1388,16 @@ The String to process
##### `options`
-Data type: `Struct[
+Data type:
+
+```puppet
+Struct[
{
'replacement_string' => Pattern[/^[\w-]+$/],
'file_extension' => Optional[String[1]]
}
- ]`
+ ]
+```
Various processing options
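Review bot: In the `options` Struct shown here, `replacement_string` is constrained by `Pattern[/^[\w-]+$/]` but `file_extension` is only `Optional[String[1]]`, and the reference does not say whether the extension goes through the same sanitising as the rest of the filename. For a function documented as returning a string that is safe for firewalld filenames, please either document that the extension is appended as given, so callers know to validate it, or tighten its type in the function signature and regenerate.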