In case it helps someone, I got it to do what I needed this way:

    # Allow netbackup
    define allow_netbackup() {
      firewall { "300 allow netbackup traffic from ${name}":
        proto  => 'tcp',
        dport  => [13724,1556,10102,10082],
        source => $name,
        action => accept,
      }
    }

    # Declares one resource (and so one rule) per entry in each array
    allow_netbackup { $netbackup_master_servers: }
    allow_netbackup { $netbackup_media_servers: }

You're right Jacob. The bug in the module is really a documentation bug.
The doc says it expects an array for source and for destination, when it
should not. Looking at the code it seems the module cannot provide anything
iptables itself does not, and iptables does not provide for list of
ips/networks in source and dest.

Thanks,
Mohamed.

On Tue, Nov 29, 2011 at 5:25 PM, Mohamed Lrhazi <lrh...@gmail.com> wrote:
> Cool. Thanks guys.
>
> On Tue, Nov 29, 2011 at 5:23 PM, Jacob Helwig <ja...@puppetlabs.com> wrote:
>> On 2011-11-29 13:05 , Mohamed Lrhazi wrote:
>>> Hi,
>>>
>>> am trying this rule:
>>>
>>>
>>> firewall { '100 allow ssh from GUNET':
>>>   proto => 'tcp',
>>>   dport => '22',
>>>   source => ['10.0.0.0/8','192.168.0.0/16',],
>>>   action => accept,
>>> }
>>>
>>>
>>> and it only seems to add a rule for the first subnet. The second is
>>> silently ignored.
>>>
>>> is my syntax incorrect?
>>>
>>> Thanks,
>>> Mohamed.
>>>
>>
>> The type doesn't appear to be written to handle accepting arrays in the
>> source property, so given how it's written it's expected behavior,
>> though sounds like it's rather undesirable.
>>
>> --
>> Jacob Helwig
>> http://about.me/jhelwig
>>
>>
>
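
One way to catch the silently ignored subnet reported in this thread, as an added example that is not from any of the posters or from the firewall module: a Python check that compares the intended source networks with `iptables-save` output. The ruleset text is constructed sample data and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed sample of `iptables-save` output: only the first subnet of the
# source array reached the ruleset, as described in the thread.
SAMPLE_RULESET = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -s 10.0.0.0/8 -p tcp -m multiport --dports 22 -m comment --comment "100 allow ssh from GUNET" -j ACCEPT
COMMIT
"""

def port_matches(spec, dport):
    """True if dport is in a --dport/--dports spec such as '22,80,8000:8080'."""
    for part in spec.split(","):
        lo, _, hi = part.partition(":")
        if lo.isdigit() and int(lo) <= dport <= int(hi or lo):
            return True
    return False

def accepted_sources(ruleset, dport, proto="tcp"):
    """Source networks that have an ACCEPT rule for proto covering dport."""
    found = set()
    for line in ruleset.splitlines():
        if not line.startswith("-A "):
            continue  # skip table headers, chain policies and COMMIT
        tok = shlex.split(line)  # keeps the quoted --comment as one token
        opts, negated = {}, set()
        for i, t in enumerate(tok[:-1]):
            if t.startswith("-"):
                opts[t] = tok[i + 1]
                if i and tok[i - 1] == "!":
                    negated.add(t)
        ports = opts.get("--dports") or opts.get("--dport") or ""
        if opts.get("-j") != "ACCEPT" or opts.get("-p") != proto or "-s" in negated:
            continue
        if ports and not port_matches(ports, dport):
            continue  # a rule with no port match covers every port
        found.add(ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False))
    return found

def missing_sources(ruleset, expected, dport):
    """Expected CIDRs that no ACCEPT rule covers (presence only, not rule order)."""
    have = accepted_sources(ruleset, dport)
    return [c for c in expected
            if not any(ipaddress.ip_network(c, strict=False).subnet_of(h) for h in have)]
```

Run against the real `iptables-save` output after a Puppet run, a non-empty result from `missing_sources` means a declared source never became a rule.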