@pmoranga
Created February 8, 2016 23:55
Make puppetlabs-firewall work smoothly with Docker
class my_fw::pre {
  # Disabled because purging is done selectively per firewallchain below:
  # resources { "firewall":
  #   purge => true
  # }

  # Avoid removing Docker rules: purge unmanaged FORWARD rules, except
  # those whose iptables-save line matches the 'docker' regex (docker0).
  firewallchain { 'FORWARD:filter:IPv4':
    purge  => true,
    ignore => [ 'docker' ],
  }

  # Leave the chains that Docker itself manages untouched.
  firewallchain { 'DOCKER:filter:IPv4':
    purge => false,
  }
  firewallchain { 'DOCKER:nat:IPv4':
    purge => false,
  }

  # Keep Docker's NAT rules (docker0 interface, 172.17 bridge subnet).
  firewallchain { 'POSTROUTING:nat:IPv4':
    purge  => true,
    ignore => [ 'docker', '172.17' ],
  }

  # Keep the jump into the DOCKER chain.
  firewallchain { 'PREROUTING:nat:IPv4':
    purge  => true,
    ignore => [ 'DOCKER' ],
  }

  # Ensure unmanaged INPUT rules are cleaned out.
  firewallchain { 'INPUT:filter:IPv4':
    ensure => present,
    purge  => true,
  }

  # Block whatever.....
}
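
A dry run of the `purge`/`ignore` settings above, as an added example that is not part of the original gist. It assumes that a rule Puppet does not manage survives purging when any `ignore` pattern matches its `iptables-save` line as an unanchored, case-sensitive Ruby regex; the sample rules are constructed, every rule is treated as unmanaged, and `purge_plan` is a hypothetical helper name.

```ruby
# Ignore lists copied from the my_fw::pre class above, keyed by "table:chain".
IGNORE = {
  'filter:FORWARD'  => ['docker'],
  'nat:POSTROUTING' => ['docker', '172.17'],
  'nat:PREROUTING'  => ['DOCKER'],
  'filter:INPUT'    => [],
}.freeze

# Constructed sample of `iptables-save` output (not captured from a real host).
SAMPLE = <<~RULES
  *nat
  -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
  -A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
  -A POSTROUTING -s 10.172.170.0/24 -o eth0 -j MASQUERADE
  COMMIT
  *filter
  -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
  -A FORWARD -o docker0 -j DOCKER
  -A FORWARD -i docker0 ! -o docker0 -j ACCEPT
  -A FORWARD -j DOCKER-USER
  COMMIT
RULES

# Returns { kept: [...], purged: [...] } for the rules in chains that the
# class purges. Chains with purge => false (DOCKER) are skipped entirely.
def purge_plan(save_output, ignore = IGNORE)
  table = nil
  plan = { kept: [], purged: [] }
  save_output.each_line(chomp: true) do |line|
    if line.start_with?('*')
      table = line[1..]                      # "*nat" -> "nat"
    elsif (m = line.match(/\A-A (\S+) /))
      patterns = ignore["#{table}:#{m[1]}"]
      next if patterns.nil?                  # chain is not purged by this class
      hit = patterns.any? { |p| line.match(p) } # String#match compiles p as a regex
      plan[hit ? :kept : :purged] << line
    end
  end
  plan
end

if __FILE__ == $PROGRAM_NAME
  purge_plan(SAMPLE).each { |k, rules| rules.each { |r| puts "#{k.to_s.ljust(6)} #{r}" } }
end
```

Two results are worth noting: the unrelated `10.172.170.0/24` MASQUERADE rule is kept because `'172.17'` is unanchored, and the `DOCKER-USER` jump is purged because `'docker'` only matches lowercase.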
pmoranga commented May 16, 2023

cool! thanks for sharing! I miss Puppet's power.
