> Personally, I would expect that the right approach was to develop a simple > traffic control tool that would take a much ... less difficult input, then to > manage the high level configuration of that with puppet.
I actually abandoned trying to build my own firewall from scratch and looked into something like Endian instead. I didn't sleep well with my own firewall to be honest. Endian has all the techs we know and love: openvpn, tc, iptables, routing, spam-assassin, ntop etc. etc. It provides a nice gui, can be clustered and backs up to a single tarball for easy restoration (which can be emailed periodically to a user). Endian is also open source - so you can download the ISO and try it in a VM. Of course I'm sure there are many solutions like this so its worth shopping around - but the concept is possibly less painful. Of course I did speak to someone recently who wanted to start a business case doing firewall management in puppet - in that case he could spend the time to develop such a tool. While that seems cool I never had such luxury of time myself :-). ken. -- You received this message because you are subscribed to the Google Groups "Puppet Developers" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
