voxpupuli / puppet-firewalld

Puppet module for managing firewalld
Apache License 2.0

Does firewalld_direct_passthrough add rules in iptables? #204

Open guptaprince2005 opened 5 years ago

guptaprince2005 commented 5 years ago

I tried the code below to create an iptables rule. Puppet succeeded, but the iptables rule was created neither in iptables nor in the firewalld chain. What's wrong with it?

    firewalld_direct_passthrough {'loopback traffic for INPUT chain':
      ensure => 'present',
      args   => '-A INPUT -i lo -j ACCEPT',
    }

Puppet-run output:

    Notice: /Stage[main]/Specs_base::Hardening_linux::Cis_3_6_firewall_configuration/Firewalld_direct_passthrough[loopback traffic for INPUT chain]/ensure: created

Phurion commented 4 years ago

Why not just make a zone for lo?

    firewalld_zone { 'some_name_for_zone':
      ensure           => present,
      target           => 'ACCEPT',
      interfaces       => 'lo',
      purge_rich_rules => true,
      purge_services   => true,
      purge_ports      => true,
    }