(R)?ex Deployment & Configuration Management

Search

News

2016-09-08

Work with (R)?ex at adjust! Check out their job posting for details, or contact our fellow core developer, FErki.

2016-07-16

(R)?ex 1.4.1 released, fixing many bugs. See the release notes for more details.

2016-03-07

(R)?ex 1.4.0 released, containing lots of goodies. See the release notes for more details.

2015-09-04

(R)?ex 1.3.3 released, fixing a bunch of bugs. See the release notes for more details.

2015-06-22

adjust GmbH is sponsoring the (R)?ex project with a new build server. Thank you for your support!

2015-06-17

(R)?ex 1.3.2 released, fixing issues related to file manipulation when run on BSDs. See the release notes for more details.

2015-06-08

(R)?ex 1.3.1 released, fixing Rex::Commands::DB related tests.

2015-05-27

Read the second part of "Rex in practice" series about Test-driven infrastructure.

2015-05-09

repositor.io 1.1.0 released. repositor.io is a repository management tool for apt, yum, yast and docker. This is a bugfix release with fixes for ubuntu and centos7 installation media mirroring.

2015-05-03

(R)?ex 1.2.0 released. See the release notes for more details.

2015-03-27

View the slides of the talk An introduction to Rex from Andy Beverley.

Conferences

2016-06-21

Training

Need Help?

Rex is a pure open source project, you can find community support in the following places:

Professional support is also available.

» Home » Docs » API » 1.4 » Rex » Resource » firewall.pm

firewall.pm

API Version:

NAME

Rex::Resource::firewall - Firewall functions

DESCRIPTION

With this module it is easy to manage different firewall systems.

SYNOPSIS

 # Configure a particular rule
 task "configure_firewall", "server01", sub {
   firewall "some-name",
     ensure      => "present",
     proto       => "tcp",
     action      => "accept",
     source      => "192.168.178.0/24",
     destination => "192.168.1.0/24",
     sport       => 80,
     sapp        => 'www',    # source application, if provider supports it
     port        => 80,       # same as dport
     dport       => 80,
     app         => 'www',    # same as dapp, destination application, if provider supports it
     dapp        => 'www',    # destination application, if provider supports it
     tcp_flags   => ["FIN", "SYN", "RST"],
     chain       => "INPUT",
     table       => "nat",
     jump        => "LOG",
     iniface     => "eth0",
     outiface    => "eth1",
     reject_with => "icmp-host-prohibited",
     log         => "new|all",  # if provider supports it
     log_level   => "",         # if provider supports it
     log_prefix  => "FW:",      # if provider supports it
     state       => "NEW",
     ip_version  => -4;         # for iptables provider. valid options -4 and -6
 };

 # Add overall logging (if provider supports)
 firewall "some-name",
   provider => 'ufw',
   logging  => "medium";

EXPORTED RESOURCES

firewall($name, %params)
Fork me on GitHub
Google Group / Twitter / GitHub / Mailinglist / irc.freenode.net #rex   -.รด.-   Disclaimer