Configure the firewall type

To help protect your infrastructure, CEM enforces a firewall solution, firewalld, by default. firewalld is zone-based software that is designed to monitor traffic and take appropriate action. To change the firewall type or specify that CEM does not manage a firewall, you can update the firewall configuration.

Restriction: Firewalls that are based on the nftables framework are not supported. Use the firewalld or iptables setting instead.

The following examples show how to configure a firewall type.
The default setting is firewalld:
cem_linux::benchmark: 'cis'
cem_linux::config:
  profile: 'server'
  level: '1'
  firewall_type: 'firewalld'
You can also specify a value of iptables:
cem_linux::benchmark: 'cis'
cem_linux::config:
  profile: 'server'
  level: '1'
  firewall_type: 'iptables'
You can also specify a value of unmanaged. If you specify unmanaged, CEM does not enforce a state on any firewall resource:
cem_linux::benchmark: 'cis'
cem_linux::config:
  profile: 'server'
  level: '1'
  firewall_type: 'unmanaged'
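
A pre-merge check for the setting described above, as an added example that is not part of CEM or of the original page. It flags values outside the three this page lists (for example nftables) and marks unmanaged for review, because CEM then enforces no firewall state. The helper name check_firewall_type, the file names and the sample data are hypothetical and constructed for the demonstration.

```ruby
require 'yaml'

# Values this page lists for firewall_type; firewalld is the documented default.
SUPPORTED = %w[firewalld iptables unmanaged].freeze
DEFAULT = 'firewalld'

# Hypothetical helper (not part of CEM): checks one Hiera YAML document.
# Returns [:ok | :warn | :error, message].
def check_firewall_type(hiera_yaml)
  data = YAML.safe_load(hiera_yaml)
  data = {} unless data.is_a?(Hash)
  config = data.fetch('cem_linux::config', {})
  return [:error, 'cem_linux::config is not a hash'] unless config.is_a?(Hash)

  value = config.fetch('firewall_type', DEFAULT)
  unless SUPPORTED.include?(value)
    return [:error, "unsupported firewall_type #{value.inspect}, expected one of: #{SUPPORTED.join(', ')}"]
  end
  # Valid, but worth a reviewer's attention: CEM enforces no firewall state.
  return [:warn, 'firewall_type is unmanaged, CEM enforces no firewall state'] if value == 'unmanaged'

  [:ok, "firewall_type is #{value}"]
end

# Constructed sample Hiera data, keyed by a made-up file name.
def sample(extra)
  "cem_linux::benchmark: 'cis'\ncem_linux::config:\n  profile: 'server'\n  level: '1'\n#{extra}"
end

SAMPLES = {
  'default.yaml' => sample(''),
  'iptables.yaml' => sample("  firewall_type: 'iptables'\n"),
  'unmanaged.yaml' => sample("  firewall_type: 'unmanaged'\n"),
  'nftables.yaml' => sample("  firewall_type: 'nftables'\n")
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLES.each do |name, yaml|
    status, message = check_firewall_type(yaml)
    puts format('%-15s %-6s %s', name, status, message)
  end
end
```

Run it in CI against each Hiera data file and fail the build on :error; treat :warn as a prompt to confirm that another tool manages the host firewall.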