In puppetlabs-firewall it appears that you can provide an array of source
IPs as defined in types/firewall.rb (desc: An array of source
addresses....).
However, when I pass in an array of source addresses, it only applies the
first address to the ruleset.
e.g.:

    firewall { '100 allow web':
      dport  => '8080',
      source => ['10.0.0.1', '10.0.0.2'],
      action => 'accept',
    }

If I were to apply that definition above, only the 10.0.0.1 rule would be
applied.
Is this an error in my assumptions about what it means to accept an array
of source addresses? The example given was source => '192.168.2.0/24',
which is a CIDR block, not an array. So, perhaps this is just strange
wording in the code?
This feature would be a great one to have for our workflow.
Anyone have any ideas on workarounds? How do others manage complex
firewall rules in Puppet without a giant node declaration?
Thanks.
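
One workaround for the behaviour described in the post, as an added example that is not part of the original message or of puppetlabs-firewall: declare one firewall resource per source address through a defined type. The type name `allow_from` and its parameters are hypothetical, and it assumes each `firewall` resource ends up with a single `source`, as the post observed.

```puppet
# Added example: hypothetical defined type, not part of puppetlabs-firewall.
# The resource title ($name) is used as the single source address.
define allow_from (
  $dport,
  $priority    = '100',
  $description = 'allow',
) {
  # Rule names must be unique, so the address is made part of the name.
  firewall { "${priority} ${description} from ${name}":
    dport  => $dport,
    source => $name,
    action => 'accept',
  }
}

# Sample addresses taken from the post's example.
$web_sources = ['10.0.0.1', '10.0.0.2']

# Passing an array as the title declares one allow_from, and therefore
# one firewall rule, per address.
allow_from { $web_sources:
  dport       => '8080',
  description => 'allow web',
}
```

Because the address is the resource title, the same address cannot be declared through `allow_from` twice in one catalog; a second rule for the same hosts needs a distinct title scheme.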