5.2.4. HOWTO Fully Disable the System Firewall
Though we hope that you never actually want to do this, there may be situations where you want to use Puppet to fully disable the system firewall.
When iptables was the only option, this was very straightforward. The introduction of firewalld has added a bit of complexity due to the preservation of backwards compatibility with calls into the iptables::rules::* defined types.
To fully disable all firewalls on the system (not just management of the firewalls), set the following via Hiera:
    iptables::enable: false
    firewalld::service_enable: false
    firewalld::service_ensure: 'stopped'
As per usual, once this is set, Puppet will ensure that the firewall is fully disabled until the settings are reversed.
firewalld::service_enable: false will likely cause your system to fall back
to using iptables.
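Because these three settings switch off all host filtering, it is worth auditing which Hiera data files carry them. The following is an added example, not part of the SIMP documentation or code: it assumes the keys appear as flat top-level `key: value` lines, uses a simple line parser rather than a full YAML loader, does not resolve the Hiera hierarchy, and the file names and sample data are constructed.

```python
import re
import tempfile
from pathlib import Path

# The three values the page lists for fully disabling the firewall.
DISABLE = {
    "iptables::enable": "false",
    "firewalld::service_enable": "false",
    "firewalld::service_ensure": "stopped",
}
LINE_RE = re.compile(r"^([A-Za-z0-9_:]+)\s*:\s*(.*?)\s*(?:#.*)?$")

def read_settings(path):
    """Return the firewall keys set at top level in one Hiera YAML file."""
    found = {}
    for line in Path(path).read_text().splitlines():
        m = LINE_RE.match(line)  # indented (nested) lines never match
        if m and m.group(1) in DISABLE:
            found[m.group(1)] = m.group(2).strip("'\"").lower()
    return found

def classify(found):
    """'full' = all three disable values set, 'partial' = some, 'none' = none."""
    hits = sum(found.get(k) == v for k, v in DISABLE.items())
    return "full" if hits == len(DISABLE) else "partial" if hits else "none"

def audit(root):
    """Classify every *.yaml file under the hieradata directory root."""
    return {p.relative_to(root).as_posix(): classify(read_settings(p))
            for p in sorted(Path(root).rglob("*.yaml"))}

def demo():
    """Audit a constructed hieradata tree (sample data, not from a real site)."""
    samples = {
        "default.yaml": "site::banner: 'constructed sample'\n",
        "hosts/lab.yaml": "iptables::enable: false\n"
                          "firewalld::service_enable: false\n"
                          "firewalld::service_ensure: 'stopped'  # constructed\n",
        "hosts/web.yaml": "iptables::enable: false\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in samples.items():
            Path(tmp, name).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, name).write_text(text)
        return audit(tmp)

if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{state:8} {name}")
```

A `full` result marks a file that disables every firewall for the nodes it applies to; `partial` marks a file where only some of the three values are set and the resulting firewall state should be checked on the host.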