
Does puppet firewall support the string module? I need help implementing the following iptables rules in Puppet but can't find any documentation or examples of how to do this.

 iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "User-Agent: VaxSIPUserAgent" --algo bm --to 65535 -j DROP 
 iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "User-Agent: friendly-scanner" --algo bm --to 65535 -j REJECT --reject-with icmp-port-unreachable 
 iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "REGISTER sip:" --algo bm -m recent --set --name VOIP --rsource 
 iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "REGISTER sip:" --algo bm -m recent --update --seconds 60 --hitcount 12 --rttl --name VOIP --rsource -j DROP 
 iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "INVITE sip:" --algo bm -m recent --set --name VOIPINV --rsource 
 iptables -I INPUT -p udp -m udp --dport 5060 -m string --string "INVITE sip:" --algo bm -m recent --update --seconds 60 --hitcount 12 --rttl --name VOIPINV --rsource -j DROP 
 iptables -I INPUT -p udp -m hashlimit --hashlimit 6/sec --hashlimit-mode srcip,dstport --hashlimit-name tunnel_limit -m udp --dport 5060 -j ACCEPT 
 iptables -I INPUT -p udp -m udp --dport 5060 -j DROP 
markhorrocks

2 Answers


Here is an example, but you have to download puppet-firewall first

# string / string_algo map to "-m string --string ... --algo ...".
# Without an action the rule is match-only (no jump target), like the
# "-m recent --set" rules in the question.
firewall { '100 your_rule':
  chain       => 'INPUT',
  proto       => 'udp',
  dport       => 5060,
  string      => 'INVITE sip:',
  string_algo => 'bm',
}
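The answer above only shows the string parameters. As an added example (not part of the original question or either answer), here is the complete rule set from the question expressed as puppetlabs-firewall resources. It assumes a puppetlabs-firewall release that has the string, recent and hashlimit parameters; the resource titles are made up for this example. One caveat matters: the module has no equivalent of "iptables -I". It always appends rules in title order, so the numeric prefix is what decides evaluation order. The question's commands use -I, which would stack each rule above the previous one; the manifest below keeps the order the listing reads top to bottom, which is the order that makes sense (scanner signatures first, flood tracking next, rate-limited accept, then the final drop). If you really wanted the reversed order that -I produces, renumber the titles.

```puppet
# Added example, not code from the question or the answers.
# Assumes puppetlabs-firewall with string_*, recent/r* and hashlimit_*
# parameters. Titles are assumed; their numeric prefix defines the order
# in which the module writes the rules into the INPUT chain.

class sip_filter {
  # Resource defaults shared by every rule below (all are UDP/5060 on INPUT).
  Firewall {
    chain => 'INPUT',
    proto => 'udp',
    dport => 5060,
  }

  # -m string --string "User-Agent: VaxSIPUserAgent" --algo bm --to 65535 -j DROP
  firewall { '100 drop VaxSIPUserAgent scanner':
    string      => 'User-Agent: VaxSIPUserAgent',
    string_algo => 'bm',
    string_to   => 65535,
    action      => 'drop',
  }

  # ... --string "User-Agent: friendly-scanner" -j REJECT --reject-with icmp-port-unreachable
  firewall { '101 reject friendly-scanner':
    string      => 'User-Agent: friendly-scanner',
    string_algo => 'bm',
    string_to   => 65535,
    action      => 'reject',
    reject      => 'icmp-port-unreachable',
  }

  # Match-only rule (no action): -m recent --set --name VOIP --rsource
  firewall { '110 track SIP REGISTER sources':
    string      => 'REGISTER sip:',
    string_algo => 'bm',
    recent      => 'set',
    rname       => 'VOIP',
    rsource     => true,
  }

  # -m recent --update --seconds 60 --hitcount 12 --rttl --name VOIP --rsource -j DROP
  firewall { '111 drop REGISTER flood':
    string      => 'REGISTER sip:',
    string_algo => 'bm',
    recent      => 'update',
    rseconds    => 60,
    rhitcount   => 12,
    rttl        => true,
    rname       => 'VOIP',
    rsource     => true,
    action      => 'drop',
  }

  # Same pair for INVITE, tracked in a separate recent list.
  firewall { '120 track SIP INVITE sources':
    string      => 'INVITE sip:',
    string_algo => 'bm',
    recent      => 'set',
    rname       => 'VOIPINV',
    rsource     => true,
  }

  firewall { '121 drop INVITE flood':
    string      => 'INVITE sip:',
    string_algo => 'bm',
    recent      => 'update',
    rseconds    => 60,
    rhitcount   => 12,
    rttl        => true,
    rname       => 'VOIPINV',
    rsource     => true,
    action      => 'drop',
  }

  # -m hashlimit --hashlimit 6/sec --hashlimit-mode srcip,dstport --hashlimit-name tunnel_limit -j ACCEPT
  firewall { '130 accept rate-limited SIP':
    hashlimit_name => 'tunnel_limit',
    hashlimit_upto => '6/sec',
    hashlimit_mode => 'srcip,dstport',
    action         => 'accept',
  }

  # Everything on UDP/5060 that did not pass the limiter above.
  firewall { '199 drop remaining SIP':
    action => 'drop',
  }
}

include sip_filter
```

After applying, compare `iptables -S INPUT` against the intended order, because a mis-numbered title silently moves a rule. If you are unsure which parameter a hand-written iptables option maps to, add the rule by hand once and run `puppet resource firewall`: it prints the live ruleset in the module's own resource syntax, which is the quickest way to discover the parameter names.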

Puppet itself does not have a resource like iptables/firewall out of the box.

To manage iptables/firewall you can use the official module from Puppet Labs.

Alternatively, you can build your own module (which handles your iptables config) with augeas as the resource type.

deagh