Issue #3100 has been updated by Thomas Bellman.
I think I would suggest starting from the other end: implement an iptables type, a "Solaris firewall" type, an "OpenBSD firewall" type and so on, and only later make a generic firewall type. I haven't actually used anything but Linux firewalling (but all three of them: ipfw, ipchains and iptables), but I suspect they have some rather different approaches to some things. It might be difficult to create a firewall type that is generic enough and still can grow the extensions needed to precisely control the various features in different firewall implementations, until you have lots of experience from all of them. ---------------------------------------- Feature #3100: Generic firewall type http://projects.reductivelabs.com/issues/3100 Author: Cristi Magherusan-Stanciu Status: Accepted Priority: Low Assigned to: Category: newfeature Target version: unplanned Affected version: 0.25.4rc1 Keywords: firewall Branch: It would be nice to have a firewall type with a set of rules working on all the supported systems. It should be able to detect if iptables, PF, IPFW, IPF and so on are running on the machine and be able to configure it. The supported operations should be simple at first, with no fancy stuff included, but should allow extensions for the future. The syntax would be something like this: firewall {my_fw_resource: enabled => true, policy => reject, open_ports => [80,443] } Any other suggestions or improvements are welcome. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://reductivelabs.com/redmine/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
