I can't say enough good about the puppetlabs-firewall module. They've put a lot of work into it, and it works perfectly.
https://github.com/puppetlabs/puppetlabs-firewall No need for concat here. Justin On Thursday, August 16, 2012 1:01:01 AM UTC-5, Pete wrote: > > Hi, > > I manage my iptables setup with the concat module and nail together a > rules file and then reload it if it's changed > I also have a define setup so other classes can define rules and my > firewall class pulls them all in. > works well for me because when i remove a class the firewall rull > associated with it goes away too. > > I am intending on putting my modules in githib but have been super > busy and haven't had a chance yet. > > On 16 August 2012 07:07, Geoff Galitz <[email protected]<javascript:>> > wrote: > > > > We are executing iptables <rule>, not editing the backend files, though > we > > could do that if that were the only option. > > > > -G > > > > > > On Wed, Aug 15, 2012 at 4:54 PM, Luke Baker > > <[email protected]<javascript:>> > wrote: > >> > >> By dynamically loading rules do you mean executing iptables <rule> or > are > >> you editing your iptables-save file and then reloading? > >> > >> > >> On Wednesday, August 15, 2012 1:48:44 PM UTC-5, Geoff Galitz wrote: > >>> > >>> > >>> I'm still a bit noobish with puppet... > >>> > >>> In short what I want to do is merge puppet managed iptables with > >>> dynamically added rules added by some scripts. We have a basic config > setup > >>> with a template (iptables.erb) and we can add rules to that in > manifests. > >>> But of course puppet will wipe any changes made from the OS. Any > advice on > >>> how to get puppet to respect the dynamically loaded rules? > >>> > >>> Thanks. > >>> -G > >>> > >>> > >>> -- > >>> ----------------------------------------------- > >>> Geoff Galitz, [email protected] > >>> WebOps > >>> Shutterstock Images > >>> > >> -- > >> You received this message because you are subscribed to the Google > Groups > >> "Puppet Users" group. > >> To view this discussion on the web visit > >> https://groups.google.com/d/msg/puppet-users/-/VX2Sj8i2-ssJ. > >> > >> To post to this group, send email to > >> [email protected]<javascript:>. > > >> To unsubscribe from this group, send email to > >> [email protected] <javascript:>. > >> For more options, visit this group at > >> http://groups.google.com/group/puppet-users?hl=en. > > > > > > > > > > -- > > ----------------------------------------------- > > Geoff Galitz, [email protected] <javascript:> > > WebOps > > Shutterstock Images > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Puppet Users" group. > > To post to this group, send email to > > [email protected]<javascript:>. > > > To unsubscribe from this group, send email to > > [email protected] <javascript:>. > > For more options, visit this group at > > http://groups.google.com/group/puppet-users?hl=en. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/2RiSuyvxkAwJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
