Hi, this is more of a puppet-users question, actually.
On 09/10/2014 04:16 PM, Marco wrote:

> firewall { '000 drop all except TCP 22':
>   action  => 'drop',
>   iniface => 'eth0',
>   proto   => '! TCP',
>   port    => ['! 22'],
> }

This would not do what you think it does, anyway. It targets packets that are neither TCP nor port 22, so all of TCP would still be accepted. Also udp/22 :-)

> firewall { '000 drop all':
>   action  => 'drop',
>   iniface => 'eth0',
>   proto   => 'all',
> }
>
> and
>
> firewall { '000 accept TCP 22':
>   action  => 'accept',
>   iniface => 'eth0',
>   proto   => 'tcp',
>   port    => [22],
> }

They share the same priority. Why? The whitelisting rule should always precede the catch-all drop. Have you tried '999 drop all'?

Best,
Felix
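The three rule sets discussed above, replayed through a small model of iptables first-match evaluation. This is an added example, not code from the thread or from puppetlabs-firewall; the `Packet` type, the `verdict` function and the fallback to declaration order for equal numeric prefixes are assumptions of the model.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp", "icmp"
    dport: Optional[int]  # None for protocols without ports

def _match(cond, value) -> bool:
    # puppetlabs-firewall style value: unset or 'all' matches anything,
    # 'x' means equals, '! x' means not equals (case-insensitive).
    if cond is None or cond == "all":
        return True
    cond, value = str(cond).lower(), str(value).lower()
    if cond.startswith("! "):
        return value != cond[2:].strip()
    return value == cond

def matches(rule, pkt: Packet) -> bool:
    # All fields of one firewall resource are ANDed, as in one iptables rule.
    return _match(rule.get("proto"), pkt.proto) and _match(rule.get("port"), pkt.dport)

def verdict(rules, pkt: Packet, policy: str = "accept") -> str:
    # First matching rule wins. Rules are ordered by the numeric prefix of
    # their title; equal prefixes keep declaration order here (assumption:
    # nothing in the number itself decides, which is the ambiguity in
    # the '000 drop all' / '000 accept TCP 22' pair).
    for rule in sorted(rules, key=lambda r: int(r["name"].split()[0])):
        if matches(rule, pkt):
            return rule["action"]
    return policy

# Rule sets from the thread, as plain dicts.
NEGATED = [{"name": "000 drop all except TCP 22", "action": "drop",
            "proto": "! TCP", "port": "! 22"}]
SAME_PRIORITY = [
    {"name": "000 drop all", "action": "drop", "proto": "all"},
    {"name": "000 accept TCP 22", "action": "accept", "proto": "tcp", "port": 22},
]
ORDERED = [
    {"name": "999 drop all", "action": "drop", "proto": "all"},
    {"name": "000 accept TCP 22", "action": "accept", "proto": "tcp", "port": 22},
]

if __name__ == "__main__":
    for pkt in (Packet("tcp", 22), Packet("tcp", 80), Packet("udp", 22), Packet("udp", 53)):
        print(pkt, "negated:", verdict(NEGATED, pkt),
              "same-priority:", verdict(SAME_PRIORITY, pkt),
              "ordered:", verdict(ORDERED, pkt))
```

With the negated rule, tcp/80 and udp/22 both fall through to the accept policy; only the '000 accept' / '999 drop' pair leaves tcp/22 as the sole accepted traffic.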