This repository has been archived by the owner on Dec 17, 2020. It is now read-only.
Reference

Table of Contents

Resource types

Resource types

windows_firewall_global

Manage windows global firewall settings

Properties

The following properties are available in the windows_firewall_global type.

strongcrlcheck

Configures how CRL checking is enforced

saidletimemin

Configures the security association idle time in minutes.

defaultexemptions

Valid values: none, neighbordiscovery, icmp, dhcp, notconfigured

Configures the default IPsec exemptions. Default is to exempt IPv6 neighbordiscovery protocol and DHCP from IPsec.

ipsecthroughnat

Valid values: never, serverbehindnat, serverandclientbehindnat, notconfigured

Configures when security associations can be established with a computer behind a network address translator

authzusergrp

Configures the users that are authorized to establish tunnel mode connections.

authzcomputergrp

Configures the computers that are authorized to establish tunnel mode connections

authzusergrptransport

Configures the users that are authorized to establish transport mode connections.

authzcomputergrptransport

Configures the computers that are authorized to establish transport mode connections.

statefulftp

Valid values: enable, disable, notconfigured

Stateful FTP

statefulpptp

Valid values: enable, disable, notconfigured

Stateful PPTP

keylifetime

Sets main mode key lifetime in minutes and sessions

secmethods

Configures the main mode list of proposals.

forcedh

Valid values: yes, no

Configures the option to use DH to secure key exchange.

boottimerulecategory

Boot time rule category

firewallrulecategory

Firewall rule category

stealthrulecategory

Stealth rule category

consecrulecategory

Connection security rule category

Parameters

The following parameters are available in the windows_firewall_global type.

name

namevar

Not used (reference only)

windows_firewall_group

Enable/Disable windows firewall group

Properties

The following properties are available in the windows_firewall_group type.

enabled

Valid values: true, false

Whether the rule group is enabled (true or false)

Default value: true

Parameters

The following parameters are available in the windows_firewall_group type.

name

namevar

Name of the rule group to enable/disable

windows_firewall_profile

Enable/Disable windows firewall profile

Properties

The following properties are available in the windows_firewall_profile type.

state

Valid values: on, off

State of this firewall profile

firewallpolicy

Configures default inbound and outbound behavior

localfirewallrules

Valid values: enable, disable, notconfigured

Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store

localconsecrules

Valid values: enable, disable, notconfigured

Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store

inboundusernotification

Valid values: enable, disable, notconfigured

Notify user when a program listens for inbound connections.

remotemanagement

Valid values: enable, disable, notconfigured

Allow remote management of Windows Firewall

unicastresponsetomulticast

Valid values: enable, disable, notconfigured

Control stateful unicast response to multicast.

logallowedconnections

Valid values: enable, disable, notconfigured

Log allowed connections.

logdroppedconnections

Valid values: enable, disable, notconfigured

Log dropped connections.

maxfilesize

Maximum size of the log file in KB.

filename

Name and location of the firewall log

Parameters

The following parameters are available in the windows_firewall_profile type.

name

namevar

Name of the profile to work on

windows_firewall_rule

Manage Windows Firewall with Puppet

Properties

The following properties are available in the windows_firewall_rule type.

ensure

Valid values: present, absent

How to ensure this firewall rule (present or absent)

Default value: present

enabled

Valid values: true, false

Whether the rule is enabled (true or false)

Default value: true

display_name

Display name for this rule

description

Description of this rule

direction

Valid values: inbound, outbound

Direction the rule applies to (inbound/outbound)

profile

Valid values: domain, private, public, any

Which profile(s) this rule belongs to; use an array to pass more than one.

display_group

group that the rule belongs to (read-only)

local_address

the local IP the rule targets (hostname not allowed)

remote_address

the remote IP the rule targets (hostname not allowed)

protocol

Valid values: tcp, udp, icmpv4, icmpv6

the protocol the rule targets

icmp_type

Protocol type to use (with ICMPv4/ICMPv6).

Values should be one of:

  • Just the type, e.g. 3 (an ICMP type code from 0 through 255)
  • An ICMP type:code pair, e.g. 3:4 (type 3, code 4)
  • any

local_port

the local port the rule targets

remote_port

the remote port the rule targets

edge_traversal_policy

Valid values: block, allow, defer_to_user, defer_to_app

Apply rule to encapsulated traffic (?) - see: https://serverfault.com/questions/89824/windows-advanced-firewall-what-does-edge-traversal-mean#89846

Default value: block

action

Valid values: block, allow

What to do when this rule matches (allow or block)

program

Path to program this rule applies to

interface_type

Valid values: any, wired, wireless, remote_access

Interface types this rule applies to

Default value: any

Parameters

The following parameters are available in the windows_firewall_rule type.

name

namevar

Name of this rule
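An added example manifest showing the four types above together (this is illustrative code, not part of the module's own REFERENCE.md); rule titles, the management subnet, the log path and the string form of port values are assumptions.

```puppet
# Added example (not the module's own code). Assumes values are passed as the
# strings/arrays listed in the reference; titles and addresses are constructed.

# Keep every profile on and log dropped traffic so blocked connections are
# visible to the log collector.
['domain', 'private', 'public'].each |String $p| {
  windows_firewall_profile { $p:
    state                 => 'on',
    logdroppedconnections => 'enable',
    logallowedconnections => 'disable',
    maxfilesize           => 16384,   # KB
    # assumed log location; adjust to site policy
    filename              => '%systemroot%\system32\LogFiles\Firewall\pfirewall.log',
  }
}

# Replace the broad built-in Remote Desktop group with one scoped rule:
# RDP inbound only from the management subnet, domain profile only.
windows_firewall_group { 'Remote Desktop':
  enabled => false,
}

windows_firewall_rule { 'allow-rdp-from-mgmt':
  ensure                => present,
  enabled               => true,
  display_name          => 'Allow RDP from management subnet',
  description           => 'Managed by Puppet',
  direction             => 'inbound',
  action                => 'allow',
  protocol              => 'tcp',
  local_port            => '3389',           # assumed string form
  remote_address        => '10.0.20.0/24',   # constructed management subnet
  profile               => ['domain'],
  interface_type        => 'any',
  edge_traversal_policy => 'block',
}

# Permit only ICMPv4 type 3 code 4 (fragmentation needed) inbound so Path MTU
# discovery keeps working; no other ICMP is opened. Uses the type:code form.
windows_firewall_rule { 'allow-icmpv4-pmtud':
  ensure       => present,
  display_name => 'Allow ICMPv4 3:4 (PMTUD)',
  direction    => 'inbound',
  action       => 'allow',
  protocol     => 'icmpv4',
  icmp_type    => '3:4',
  profile      => ['domain', 'private', 'public'],
}
```

Run `puppet apply --noop` on the manifest first to see which properties would change before enforcing it on a host.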