diff --git a/CHANGELOG.md b/CHANGELOG.md index 46c6ef65..ee0777f0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,30 @@ All notable changes to this project will be documented in this file. Each new release typically also includes the latest modulesync defaults. These should not affect the functionality of the module. +## [v4.5.0](https://github.com/voxpupuli/puppet-firewalld/tree/v4.5.0) (2022-08-15) + +[Full Changelog](https://github.com/voxpupuli/puppet-firewalld/compare/v4.4.0...v4.5.0) + +**Implemented enhancements:** + +- firewalld modules reloads firewalld excessively [\#61](https://github.com/voxpupuli/puppet-firewalld/issues/61) + +**Fixed bugs:** + +- Trying to add custom service with protocols and not ports, results in an error on first run [\#306](https://github.com/voxpupuli/puppet-firewalld/issues/306) +- Fixes firewalld\_custom\_service where only protocols are defined [\#307](https://github.com/voxpupuli/puppet-firewalld/pull/307) ([nmaludy](https://github.com/nmaludy)) + +**Closed issues:** + +- Support for Rocky Linux / Alma Linux ? [\#312](https://github.com/voxpupuli/puppet-firewalld/issues/312) +- Possible parse errors in hiera data input [\#305](https://github.com/voxpupuli/puppet-firewalld/issues/305) +- \[4.3.0\] Mising option to disable AllowZoneDrifting [\#294](https://github.com/voxpupuli/puppet-firewalld/issues/294) + +**Merged pull requests:** + +- Fix firewalld\_direct\_chain typo in README [\#313](https://github.com/voxpupuli/puppet-firewalld/pull/313) ([Vincevrp](https://github.com/Vincevrp)) +- Allow stdlib 8.0.0 [\#310](https://github.com/voxpupuli/puppet-firewalld/pull/310) ([smortex](https://github.com/smortex)) + ## [v4.4.0](https://github.com/voxpupuli/puppet-firewalld/tree/v4.4.0) (2020-11-13) [Full Changelog](https://github.com/voxpupuli/puppet-firewalld/compare/v4.3.0...v4.4.0) 
@@ -34,8 +58,8 @@ The highlight of this release is a new native puppet type [`firewalld_custom_ser **Implemented enhancements:** - Parse arguments to passthrough provider with spaces correctly [\#278](https://github.com/voxpupuli/puppet-firewalld/pull/278) ([cmusik](https://github.com/cmusik)) -- Add icmp-type support to rich rules [\#271](https://github.com/voxpupuli/puppet-firewalld/pull/271) ([ananace](https://github.com/ananace)) - Native firewalld custom service [\#277](https://github.com/voxpupuli/puppet-firewalld/pull/277) ([trevor-vaughan](https://github.com/trevor-vaughan)) +- Add icmp-type support to rich rules [\#271](https://github.com/voxpupuli/puppet-firewalld/pull/271) ([ananace](https://github.com/ananace)) **Fixed bugs:** diff --git a/REFERENCE.md b/REFERENCE.md index dbad77eb..ed9a6cb1 100644 --- a/REFERENCE.md +++ b/REFERENCE.md @@ -1,19 +1,20 @@ # Reference + ## Table of Contents -**Classes** +### Classes * [`firewalld`](#firewalld): Manage the firewalld service * [`firewalld::reload`](#firewalldreload): A common point for triggering an intermediary firewalld reload using firewall-cmd * [`firewalld::reload::complete`](#firewalldreloadcomplete): A common point for triggering an intermediary firewalld full reload using firewall-cmd -**Defined types** +### Defined types * [`firewalld::custom_service`](#firewalldcustom_service): Creates a new service definition for use in firewalld -**Resource types** +### Resource types * [`firewalld_custom_service`](#firewalld_custom_service): Creates a custom firewalld service. * [`firewalld_direct_chain`](#firewalld_direct_chain): Allow to create a custom chain in iptables/ip6tables/ebtables using firewalld direct interface. Example: firewalld_direct_chain {'Add c 
@@ -26,13 +27,13 @@ * [`firewalld_service`](#firewalld_service): Assigns a service to a specific firewalld zone. * [`firewalld_zone`](#firewalld_zone): Creates and manages firewalld zones. -**Functions** +### Functions * [`firewalld::safe_filename`](#firewalldsafe_filename): Returns a string that is safe for firewalld filenames ## Classes -### firewalld +### `firewalld` See the README.md for usage instructions for the firewalld_zone and firewalld_rich_rule types 
@@ -61,251 +62,290 @@ Copyright 2015 Craig Dunn #### Parameters -The following parameters are available in the `firewalld` class. - -##### `package_ensure` +The following parameters are available in the `firewalld` class: + +* [`package_ensure`](#package_ensure) +* [`package`](#package) +* [`service_ensure`](#service_ensure) +* [`config_package`](#config_package) +* [`install_gui`](#install_gui) +* [`service_enable`](#service_enable) +* [`zones`](#zones) +* [`ports`](#ports) +* [`services`](#services) +* [`rich_rules`](#rich_rules) +* [`custom_services`](#custom_services) +* [`ipsets`](#ipsets) +* [`direct_rules`](#direct_rules) +* [`direct_chains`](#direct_chains) +* [`direct_passthroughs`](#direct_passthroughs) +* [`purge_direct_rules`](#purge_direct_rules) +* [`purge_direct_chains`](#purge_direct_chains) +* [`purge_direct_passthroughs`](#purge_direct_passthroughs) +* [`purge_unknown_ipsets`](#purge_unknown_ipsets) +* [`default_zone`](#default_zone) +* [`log_denied`](#log_denied) +* [`cleanup_on_exit`](#cleanup_on_exit) +* [`zone_drifting`](#zone_drifting) +* [`minimal_mark`](#minimal_mark) +* [`lockdown`](#lockdown) +* [`ipv6_rpfilter`](#ipv6_rpfilter) +* [`firewall_backend`](#firewall_backend) +* [`default_service_zone`](#default_service_zone) +* [`default_port_zone`](#default_port_zone) +* [`default_port_protocol`](#default_port_protocol) + +##### `package_ensure` Data type: `Enum['present','absent','latest','installed']` -Default value: 'installed' +Default value: `'installed'` -##### `package` +##### `package` Data type: `String` -Default value: 'firewalld' +Default value: `'firewalld'` -##### `service_ensure` +##### `service_ensure` Data type: `Stdlib::Ensure::Service` -Default value: 'running' +Default value: `'running'` -##### `config_package` +##### `config_package` Data type: `String` -Default value: 'firewall-config' +Default value: `'firewall-config'` -##### `install_gui` +##### `install_gui` Data type: `Boolean` -Default value: `false` +Default 
value: ``false`` -##### `service_enable` +##### `service_enable` Data type: `Boolean` -Default value: `true` +Default value: ``true`` -##### `zones` +##### `zones` Data type: `Hash` -Default value: {} +Default value: `{}` -##### `ports` +##### `ports` Data type: `Hash` -Default value: {} +Default value: `{}` -##### `services` +##### `services` Data type: `Hash` -Default value: {} +Default value: `{}` -##### `rich_rules` +##### `rich_rules` Data type: `Hash` -Default value: {} +Default value: `{}` -##### `custom_services` +##### `custom_services` Data type: `Hash` -Default value: {} +Default value: `{}` -##### `ipsets` +##### `ipsets` Data type: `Hash` -Default value: {} +Default value: `{}` -##### `direct_rules` +##### `direct_rules` Data type: `Hash` -Default value: {} +Default value: `{}` -##### `direct_chains` +##### `direct_chains` Data type: `Hash` -Default value: {} +Default value: `{}` -##### `direct_passthroughs` +##### `direct_passthroughs` Data type: `Hash` -Default value: {} +Default value: `{}` -##### `purge_direct_rules` +##### `purge_direct_rules` Data type: `Boolean` -Default value: `false` +Default value: ``false`` -##### `purge_direct_chains` +##### `purge_direct_chains` Data type: `Boolean` -Default value: `false` +Default value: ``false`` -##### `purge_direct_passthroughs` +##### `purge_direct_passthroughs` Data type: `Boolean` -Default value: `false` +Default value: ``false`` -##### `purge_unknown_ipsets` +##### `purge_unknown_ipsets` Data type: `Boolean` -Default value: `false` +Default value: ``false`` -##### `default_zone` +##### `default_zone` Data type: `Optional[String]` -Default value: `undef` +Default value: ``undef`` -##### `log_denied` +##### `log_denied` Data type: `Optional[Enum['off','all','unicast','broadcast','multicast']]` -Default value: `undef` +Default value: ``undef`` + +##### `cleanup_on_exit` + +Data type: `Optional[Enum['yes', 'no']]` + + + +Default value: ``undef`` -##### `cleanup_on_exit` +##### `zone_drifting` Data 
type: `Optional[Enum['yes', 'no']]` -Default value: `undef` +Default value: ``undef`` -##### `minimal_mark` +##### `minimal_mark` Data type: `Optional[Integer]` -Default value: `undef` +Default value: ``undef`` -##### `lockdown` +##### `lockdown` Data type: `Optional[Enum['yes', 'no']]` -Default value: `undef` +Default value: ``undef`` -##### `ipv6_rpfilter` +##### `ipv6_rpfilter` Data type: `Optional[Enum['yes', 'no']]` -Default value: `undef` +Default value: ``undef`` -##### `firewall_backend` +##### `firewall_backend` Data type: `Optional[Enum['iptables', 'nftables']]` -Default value: `undef` +Default value: ``undef`` -##### `default_service_zone` +##### `default_service_zone` Data type: `Optional[String]` -Default value: `undef` +Default value: ``undef`` -##### `default_port_zone` +##### `default_port_zone` Data type: `Optional[String]` -Default value: `undef` +Default value: ``undef`` -##### `default_port_protocol` +##### `default_port_protocol` Data type: `Optional[String]` -Default value: `undef` +Default value: ``undef`` -### firewalld::reload +### `firewalld::reload` A common point for triggering an intermediary firewalld reload using firewall-cmd -### firewalld::reload::complete +### `firewalld::reload::complete` A common point for triggering an intermediary firewalld full reload using firewall-cmd ## Defined types -### firewalld::custom_service +### `firewalld::custom_service` **DEPRECATED**: Please use the `firewalld_custom_service` native type moving forward 
@@ -343,78 +383,87 @@ firewalld::custom_service{'My Custom Service': #### Parameters -The following parameters are available in the `firewalld::custom_service` defined type. +The following parameters are available in the `firewalld::custom_service` defined type: -##### `short` +* [`short`](#short) +* [`description`](#description) +* [`port`](#port) +* [`module`](#module) +* [`destination`](#destination) +* [`filename`](#filename) +* [`config_dir`](#config_dir) +* [`ensure`](#ensure) + +##### `short` Data type: `String` -Default value: $name +Default value: `$name` -##### `description` +##### `description` Data type: `Optional[String]` -Default value: `undef` +Default value: ``undef`` -##### `port` +##### `port` Data type: `Optional[Array[Hash]]` -Default value: `undef` +Default value: ``undef`` -##### `module` +##### `module` Data type: `Optional[Array[String]]` -Default value: `undef` +Default value: ``undef`` -##### `destination` +##### `destination` Data type: `Optional[Hash[ - Enum['ipv4', 'ipv6'], - String + Enum['ipv4', 'ipv6'], + String ]]` -Default value: `undef` +Default value: ``undef`` -##### `filename` +##### `filename` Data type: `String` -Default value: $short +Default value: `$short` -##### `config_dir` +##### `config_dir` Data type: `Stdlib::Unixpath` -Default value: '/etc/firewalld/services' +Default value: `'/etc/firewalld/services'` -##### `ensure` +##### `ensure` Data type: `Enum['present','absent']` -Default value: 'present' +Default value: `'present'` ## Resource types -### firewalld_custom_service +### `firewalld_custom_service` You will still need to create a `firewalld_service` resource to bind your new service to a zone. 
@@ -434,77 +483,81 @@ firewalld_custom_service {'test': The following properties are available in the `firewalld_custom_service` type. -##### `ensure` - -Valid values: present, absent - -The basic property that the resource should be in. - -Default value: present - -##### `short` +##### `description` -Valid values: %r{.+} +Valid values: `%r{.+}` -The short description of the service +The long description of the service -##### `description` +##### `ensure` -Valid values: %r{.+} +Valid values: `present`, `absent` -The long description of the service +The basic property that the resource should be in. -##### `ports` +Default value: `present` -An Array of allowed port/protocol Hashes or Strings of the form `port/protocol` +##### `ipv4_destination` -Default value: unset +The IPv4 destination network of the service -##### `protocols` +Default value: `unset` -Valid values: %r{^[^\s#]+$} +##### `ipv6_destination` -Protocols allowed by the service as defined in /etc/protocols +The IPv6 destination network of the service -Default value: unset +Default value: `unset` ##### `modules` -Valid values: %r{^[\w-]+$} +Valid values: `%r{^[\w-]+$}` The list of netfilter modules to add to the service -Default value: unset +Default value: `unset` -##### `ipv4_destination` +##### `ports` -Valid values: %r{^[^/]+(/\d+)?$} +An Array of allowed port/protocol Hashes or Strings of the form `port/protocol` -The IPv4 destination network of the service +Default value: `unset` -Default value: unset +##### `protocols` -##### `ipv6_destination` +Valid values: `%r{^[^\s#]+$}` -Valid values: %r{^[^/]+(/\d+)?$} +Protocols allowed by the service as defined in /etc/protocols -The IPv6 destination network of the service +Default value: `unset` + +##### `short` + +Valid values: `%r{.+}` -Default value: unset +The short description of the service #### Parameters The following parameters are available in the `firewalld_custom_service` type. 
-##### `name` +* [`name`](#name) +* [`provider`](#provider) -Valid values: %r{.+} +##### `name` + +Valid values: `%r{.+}` namevar The target filename of the resource (without the .xml suffix) -### firewalld_direct_chain +##### `provider` + +The specific backend to use for this `firewalld_custom_service` resource. You will seldom need to specify this --- +Puppet will usually discover the appropriate provider for your platform. + +### `firewalld_direct_chain` Allow to create a custom chain in iptables/ip6tables/ebtables using firewalld direct interface. @@ -523,37 +576,47 @@ The following properties are available in the `firewalld_direct_chain` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `firewalld_direct_chain` type. -##### `name` +* [`inet_protocol`](#inet_protocol) +* [`name`](#name) +* [`provider`](#provider) +* [`table`](#table) -Name of the chain eg: LOG_DROPS - -##### `inet_protocol` +##### `inet_protocol` -Valid values: ipv4, ipv6 +Valid values: `ipv4`, `ipv6` namevar Name of the TCP/IP protocol to use (e.g: ipv4, ipv6) -Default value: ipv4 +Default value: `ipv4` + +##### `name` + +Name of the chain eg: LOG_DROPS + +##### `provider` -##### `table` +The specific backend to use for this `firewalld_direct_chain` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. + +##### `table` namevar Name of the table type to add (e.g: filter, nat, mangle, raw) -### firewalld_direct_passthrough +### `firewalld_direct_passthrough` Allow to create a custom passthroughhrough traffic in iptables/ip6tables/ebtables using firewalld direct interface. 
@@ -577,31 +640,40 @@ The following properties are available in the `firewalld_direct_passthrough` typ ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `firewalld_direct_passthrough` type. -##### `inet_protocol` +* [`args`](#args) +* [`inet_protocol`](#inet_protocol) +* [`provider`](#provider) -Valid values: ipv4, ipv6 +##### `args` -Name of the TCP/IP protocol to use (e.g: ipv4, ipv6) +namevar -Default value: ipv4 +Name of the passthroughhrough to add (e.g: -A OUTPUT -j OUTPUT_filter) -##### `args` +##### `inet_protocol` -namevar +Valid values: `ipv4`, `ipv6` -Name of the passthroughhrough to add (e.g: -A OUTPUT -j OUTPUT_filter) +Name of the TCP/IP protocol to use (e.g: ipv4, ipv6) + +Default value: `ipv4` + +##### `provider` -### firewalld_direct_purge +The specific backend to use for this `firewalld_direct_passthrough` resource. You will seldom need to specify this --- +Puppet will usually discover the appropriate provider for your platform. + +### `firewalld_direct_purge` Allow to purge direct rules in iptables/ip6tables/ebtables using firewalld direct interface. 
@@ -617,33 +689,41 @@ The following properties are available in the `firewalld_direct_purge` type. ##### `ensure` -Valid values: purgable, purged +Valid values: `purgable`, `purged` The basic property that the resource should be in. -Default value: purged +Default value: `purged` #### Parameters The following parameters are available in the `firewalld_direct_purge` type. -##### `purge` +* [`name`](#name) +* [`provider`](#provider) +* [`purge`](#purge) -Valid values: `true`, `false` +##### `name` +Valid values: `chain`, `passthrough`, `rule` +namevar -Default value: `true` +Type of resource to purge, valid values are 'chain', 'passthrough' and 'rule' -##### `name` +##### `provider` -Valid values: chain, passthrough, rule +The specific backend to use for this `firewalld_direct_purge` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. -namevar +##### `purge` -Type of resource to purge, valid values are 'chain', 'passthrough' and 'rule' +Valid values: ``true``, ``false`` -### firewalld_direct_rule + +Default value: ``true`` + +### `firewalld_direct_rule` Allow to pass rules directly to iptables/ip6tables/ebtables using firewalld direct interface. 
@@ -664,47 +744,60 @@ The following properties are available in the `firewalld_direct_rule` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `firewalld_direct_rule` type. -##### `name` +* [`args`](#args) +* [`chain`](#chain) +* [`inet_protocol`](#inet_protocol) +* [`name`](#name) +* [`priority`](#priority) +* [`provider`](#provider) +* [`table`](#table) -namevar +##### `args` -Name of the rule resource in Puppet + can be all iptables, ip6tables and ebtables command line arguments -##### `inet_protocol` +##### `chain` -Valid values: ipv4, ipv6 +Name of the chain type to add (e.g: INPUT, OUTPUT, FORWARD) -Name of the TCP/IP protocol to use (e.g: ipv4, ipv6) +##### `inet_protocol` + +Valid values: `ipv4`, `ipv6` -Default value: ipv4 +Name of the TCP/IP protocol to use (e.g: ipv4, ipv6) -##### `table` +Default value: `ipv4` -Name of the table type to add (e.g: filter, nat, mangle, raw) +##### `name` -##### `chain` +namevar -Name of the chain type to add (e.g: INPUT, OUTPUT, FORWARD) +Name of the rule resource in Puppet -##### `priority` +##### `priority` The priority number of the rule (e.g: 0, 1, 2, ... 99) -##### `args` +##### `provider` - can be all iptables, ip6tables and ebtables command line arguments +The specific backend to use for this `firewalld_direct_rule` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. -### firewalld_ipset +##### `table` + +Name of the table type to add (e.g: filter, nat, mangle, raw) + +### `firewalld_ipset` Configure IPsets in Firewalld 
@@ -722,11 +815,11 @@ The following properties are available in the `firewalld_ipset` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` ##### `entries` @@ -734,7 +827,7 @@ Array of ipset entries ##### `family` -Valid values: inet6, inet +Valid values: `inet6`, `inet` Protocol family of the IPSet @@ -744,13 +837,13 @@ Initial hash size of the IPSet ##### `maxelem` -Valid values: %r{^[1-9]\d*$} +Valid values: `%r{^[1-9]\d*$}` Maximal number of elements that can be stored in the set ##### `timeout` -Valid values: %r{^\d+$} +Valid values: `%r{^\d+$}` Timeout in seconds before entries expiry. 0 means entry is permanent 
@@ -758,33 +851,44 @@ Timeout in seconds before entries expiry. 0 means entry is permanent The following parameters are available in the `firewalld_ipset` type. -##### `name` +* [`manage_entries`](#manage_entries) +* [`name`](#name) +* [`options`](#options) +* [`provider`](#provider) +* [`type`](#type) -namevar +##### `manage_entries` -Name of the IPset +Valid values: ``true``, ``false``, `yes`, `no` -##### `type` +Should we manage entries in this ipset or leave another process manage those entries -Valid values: bitmap:ip, bitmap:ip,mac, bitmap:port, hash:ip, hash:ip,mark, hash:ip,port, hash:ip,port,ip, hash:ip,port,net, hash:mac, hash:net, hash:net,iface, hash:net,net, hash:net,port, hash:net,port,net, list:set +Default value: ``true`` -Type of the ipset (default: hash:ip) +##### `name` + +namevar -Default value: hash:ip +Name of the IPset -##### `options` +##### `options` Hash of options for the IPset, eg { 'family' => 'inet6' } -##### `manage_entries` +##### `provider` -Valid values: `true`, `false`, yes, no +The specific backend to use for this `firewalld_ipset` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. -Should we manage entries in this ipset or leave another process manage those entries +##### `type` + +Valid values: `bitmap:ip`, `bitmap:ip,mac`, `bitmap:port`, `hash:ip`, `hash:ip,mark`, `hash:ip,port`, `hash:ip,port,ip`, `hash:ip,port,net`, `hash:mac`, `hash:net`, `hash:net,iface`, `hash:net,net`, `hash:net,port`, `hash:net,port,net`, `list:set` + +Type of the ipset (default: hash:ip) -Default value: `true` +Default value: `hash:ip` -### firewalld_port +### `firewalld_port` Assigns a port to a specific firewalld zone. firewalld_port will autorequire the firewalld_zone specified in the zone parameter so there is no need to add dependencies for this 
@@ -804,35 +908,46 @@ The following properties are available in the `firewalld_port` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `firewalld_port` type. -##### `name` +* [`name`](#name) +* [`port`](#port) +* [`protocol`](#protocol) +* [`provider`](#provider) +* [`zone`](#zone) + +##### `name` namevar Name of the port resource in Puppet -##### `zone` - -Name of the zone to which you want to add the port - -##### `port` +##### `port` Specify the element as a port -##### `protocol` +##### `protocol` Specify the element as a protocol -### firewalld_rich_rule +##### `provider` + +The specific backend to use for this `firewalld_port` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. + +##### `zone` + +Name of the zone to which you want to add the port + +### `firewalld_rich_rule` Manages firewalld rich rules. 
@@ -854,84 +969,110 @@ The following properties are available in the `firewalld_rich_rule` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `firewalld_rich_rule` type. -##### `name` - -namevar +* [`action`](#action) +* [`audit`](#audit) +* [`dest`](#dest) +* [`family`](#family) +* [`forward_port`](#forward_port) +* [`icmp_block`](#icmp_block) +* [`icmp_type`](#icmp_type) +* [`log`](#log) +* [`masquerade`](#masquerade) +* [`name`](#name) +* [`port`](#port) +* [`protocol`](#protocol) +* [`provider`](#provider) +* [`raw_rule`](#raw_rule) +* [`service`](#service) +* [`source`](#source) +* [`zone`](#zone) + +##### `action` + + +##### `audit` -Name of the rule resource in Puppet +doc -##### `zone` +##### `dest` -Name of the zone +Specify destination address, this can be a string of the IP address or a hash containing other options -##### `family` +##### `family` -Valid values: ipv4, ipv6 +Valid values: `ipv4`, `ipv6` IP family, one of ipv4 or ipv6, defauts to ipv4 -Default value: ipv4 +Default value: `ipv4` -##### `source` +##### `forward_port` -Specify source address, this can be a string of the IP address or a hash containing other options +Specify the element as forward-port -##### `dest` +##### `icmp_block` -Specify destination address, this can be a string of the IP address or a hash containing other options +Specify the element as an icmp-block -##### `service` +##### `icmp_type` -Specify the element as a service +Specify the element as an icmp-type -##### `port` +##### `log` -Specify the element as a port +doc -##### `protocol` +##### `masquerade` -Specify the element as a protocol +Specify the element as masquerade -##### `icmp_block` +##### `name` -Specify the element as an icmp-block +namevar -##### `masquerade` +Name of the rule resource in Puppet -Specify the 
element as masquerade +##### `port` -##### `forward_port` +Specify the element as a port -Specify the element as forward-port +##### `protocol` -##### `log` +Specify the element as a protocol -doc +##### `provider` -##### `audit` +The specific backend to use for this `firewalld_rich_rule` resource. You will seldom need to specify this --- Puppet +will usually discover the appropriate provider for your platform. -doc +##### `raw_rule` -##### `action` +Manage the entire rule as one string - this is used internally by firwalld_zone to +handle pruning of rules +##### `service` +Specify the element as a service -##### `raw_rule` +##### `source` -Manage the entire rule as one string - this is used internally by firwalld_zone to -handle pruning of rules +Specify source address, this can be a string of the IP address or a hash containing other options -### firewalld_service +##### `zone` + +Name of the zone + +### `firewalld_service` Assigns a service to a specific firewalld zone. @@ -957,31 +1098,41 @@ The following properties are available in the `firewalld_service` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` #### Parameters The following parameters are available in the `firewalld_service` type. -##### `name` +* [`name`](#name) +* [`provider`](#provider) +* [`service`](#service) +* [`zone`](#zone) + +##### `name` namevar Name of the service resource in Puppet -##### `service` +##### `provider` + +The specific backend to use for this `firewalld_service` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. + +##### `service` Name of the service to add -##### `zone` +##### `zone` Name of the zone to which you want to add the service -### firewalld_zone +### `firewalld_zone` Creates and manages firewalld zones. 
@@ -1011,15 +1162,16 @@ The following properties are available in the `firewalld_zone` type. ##### `ensure` -Valid values: present, absent +Valid values: `present`, `absent` The basic property that the resource should be in. -Default value: present +Default value: `present` -##### `target` +##### `icmp_blocks` -Specify the target for the zone +Specify the icmp-blocks for the zone. Can be a single string specifying one icmp type, +or an array of strings specifying multiple icmp types. Any blocks not specified here will be removed ##### `interfaces` 
@@ -1027,65 +1179,75 @@ Specify the interfaces for the zone ##### `masquerade` -Valid values: `true`, `false` +Valid values: ``true``, ``false`` Can be set to true or false, specifies whether to add or remove masquerading from the zone -##### `sources` +##### `purge_ports` -Specify the sources for the zone +Valid values: ``false``, ``true`` -##### `icmp_blocks` - -Specify the icmp-blocks for the zone. Can be a single string specifying one icmp type, -or an array of strings specifying multiple icmp types. Any blocks not specified here will be removed +When set to true any ports associated with this zone +that are not managed by Puppet will be removed. ##### `purge_rich_rules` -Valid values: `false`, `true` +Valid values: ``false``, ``true`` When set to true any rich_rules associated with this zone that are not managed by Puppet will be removed. ##### `purge_services` -Valid values: `false`, `true` +Valid values: ``false``, ``true`` When set to true any services associated with this zone that are not managed by Puppet will be removed. -##### `purge_ports` +##### `sources` -Valid values: `false`, `true` +Specify the sources for the zone -When set to true any ports associated with this zone -that are not managed by Puppet will be removed. +##### `target` + +Specify the target for the zone #### Parameters The following parameters are available in the `firewalld_zone` type. -##### `name` +* [`description`](#description) +* [`name`](#name) +* [`provider`](#provider) +* [`short`](#short) +* [`zone`](#zone) + +##### `description` + +Description of the zone to add + +##### `name` namevar Name of the rule resource in Puppet -##### `zone` +##### `provider` -Name of the zone +The specific backend to use for this `firewalld_zone` resource. You will seldom need to specify this --- Puppet will +usually discover the appropriate provider for your platform. 
-##### `description` +##### `short` -Description of the zone to add +Short description of the zone to add -##### `short` +##### `zone` -Short description of the zone to add +Name of the zone ## Functions -### firewalld::safe_filename +### `firewalld::safe_filename` Type: Puppet Language @@ -1122,7 +1284,7 @@ Result => 'B--d--Characters--.txt' 'replacement_string' => Pattern[/^[\w-]+$/], 'file_extension' => Optional[String[1]] } - ] $options = { 'replacement_string' => '_'})` + ] $options = { 'replacement_string' => '_' })` The firewalld::safe_filename function. diff --git a/metadata.json b/metadata.json index 895777df..5c1da1b6 100644 --- a/metadata.json +++ b/metadata.json @@ -1,6 +1,6 @@ { "name": "puppet-firewalld", - "version": "4.4.1-rc0", + "version": "4.5.0", "author": "Vox Pupuli", "summary": "Configure firewalld zones, services, and rich rules and direct config", "license": "Apache-2.0",
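Review bot: in the `firewalld` class hunk of REFERENCE.md (and in every type hunk after it), the new parameter index links such as `[`name`](#name)`, `[`provider`](#provider)` and `[`ensure`](#ensure)` use bare heading slugs that repeat across sections, so a rendered link resolves to the first matching heading in the file, not to the parameter in the section where it appears. REFERENCE.md is puppet-strings output, so this should not be hand-patched; mention the limitation in the PR description so readers know the per-section index is only navigable within the first type that defines each name.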
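Review bot: in the `firewalld` class hunk, the new `zone_drifting` parameter (and `cleanup_on_exit` next to it) is emitted with only `Data type: `Optional[Enum['yes', 'no']]`` and `Default value: ``undef``` and three blank lines where the description should be, which means the class manifest has no `@param` docstring for it. Since this parameter is what closes issue \#294 ("Mising option to disable AllowZoneDrifting"), the docstring should say which firewalld.conf setting it presumably maps to (`AllowZoneDrifting`) and that `'no'` is the value that disables the permissive legacy behaviour firewalld itself deprecates; `undef` leaving the distribution default in place is worth stating explicitly as well.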
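Review bot: in the `firewalld_custom_service` hunk, the `ipv4_destination` and `ipv6_destination` properties lose their `Valid values: %r{^[^/]+(/\d+)?$}` lines in the regenerated text, while `short`, `modules` and `protocols` keep theirs. Confirm whether the regex validation was actually removed from the type or only stopped being rendered; if it was removed, a malformed destination is no longer rejected at catalog compile time and will only surface as a `firewall-cmd` failure on the agent, so the validation (and its documentation) should stay.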
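Review bot: in the `firewalld_direct_passthrough` hunk, the type description "Allow to create a custom passthroughhrough traffic" and the `args` docstring "Name of the passthroughhrough to add" carry a "passthroughhrough" typo that the regenerated `+` lines reproduce; fix the wording in the type's `desc` and `newparam` docstrings and regenerate rather than editing REFERENCE.md directly.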
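Review bot: in the `firewalld_direct_purge` hunk, the `purge` parameter is emitted with `Valid values: ``true``, ``false``` and `Default value: ``true``` but no description, so the generated reference never says what `purge => false` does for a resource whose `ensure` is `purged`. Add a docstring to the parameter in the type; because this type removes direct rules, chains or passthroughs that Puppet does not manage, readers need to know how the boolean interacts with `ensure`.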
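Review bot: in the `firewalld_rich_rule` hunk, the `action` parameter has an empty description and `audit` and `log` still carry the placeholder text "doc", while `family` reads "defauts to ipv4" and `raw_rule` refers to "firwalld_zone". `log` and `audit` are the parameters that control whether a rich rule produces log and audit records, which is the part operators rely on for detection, so they deserve real docstrings; the typos belong in the type's docstrings, not in the generated file.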
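Review bot: the metadata.json hunk changes only `"version"` from `4.4.1-rc0` to `4.5.0`, while the CHANGELOG entry for this release lists "Allow stdlib 8.0.0 [\#310]"; confirm that the stdlib dependency bound in metadata.json was already raised in \#310, since nothing in this diff shows it, and the release tag should not go out with a changelog that promises a dependency range the module metadata does not declare.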