I created a firewall module. In firewall/manifests/init.pp I have the following.

class firewall {

  ## Always persist firewall rules
  exec { 'persist-firewall':
    command     => '/sbin/iptables-save > /etc/sysconfig/iptables',
    refreshonly => true,
  }

  ## These defaults ensure that the persistence command is executed after
  ## every change to the firewall, and that pre & post classes are run in the
  ## right order to avoid potentially locking you out of your box during the
  ## first puppet run.
  Firewall {
    notify  => Exec['persist-firewall'],
    before  => Class['firewall::post'],
    require => Class['firewall::pre'],
  }
  Firewallchain {
    notify => Exec['persist-firewall'],
  }

  ## Purge unmanaged firewall resources
  ##
  ## This will clear any existing rules, and make sure that only rules
  ## defined in puppet exist on the machine
  resources { 'firewall':
    purge => true
  }

  ## include the pre and post modules
  include firewall::pre
  include firewall::post
}

Then you just "include firewall"

Shawn Foley
425.281.0182

On Tue, Dec 4, 2012 at 12:36 PM, Louis Coilliot <louis.coill...@think.fr> wrote:

> Hello,
>
> I can't figure out how I can use the module puppetlabs-firewall only
> for some targeted nodes.
>
> If I put:
>
> resources { "firewall": purge => true }
>
> in top scope (i.e. site.pp),
>
> then all the firewall rules on all my nodes are purged. Even for nodes
> for which I don't apply any module containing specific firewall { ...
> } resources.
>
> If I put it in a module (i.e. myfw), then for all nodes where I
> apply a module containing firewall resources, I got a mix of the
> previous rules (defined locally with the OS) and the new ones provided
> with puppet.
>
> Did I miss something or is it the expected behaviour?
>
> If this is expected, is there a workaround to apply the purge of the
> rules only for some nodes where I want to apply specific firewall
> rules through modules and puppet-firewall?
>
> Thanks in advance.
>
> Louis Coilliot
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
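
The per-node scoping discussed in this thread, as an added example that is not part of either message: the reply's class references firewall::pre and firewall::post without showing them, so their contents here are an assumption, and the node names and the SSH rule are constructed for illustration.

```puppet
# firewall/manifests/pre.pp: assumed content, not shown in the thread
class firewall::pre {
  # Cancel the inherited default that requires Class['firewall::pre'],
  # which would otherwise make these rules depend on their own class.
  Firewall { require => undef }

  firewall { '000 accept all icmp':
    proto  => 'icmp',
    action => 'accept',
  } ->
  firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  } ->
  firewall { '002 accept related established rules':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
}

# firewall/manifests/post.pp: assumed content, not shown in the thread
class firewall::post {
  firewall { '999 drop all':
    proto  => 'all',
    action => 'drop',
    before => undef,  # cancel the inherited 'before firewall::post' default
  }
}

# site.pp: node names are constructed for illustration
node 'web01.example.com' {
  include firewall  # purge and pre/post rules apply on this node only

  # Defaults set inside class firewall do not reach node scope,
  # so ordering and persistence are stated explicitly here.
  firewall { '100 allow ssh':
    proto   => 'tcp',
    dport   => 22,
    action  => 'accept',
    require => Class['firewall::pre'],
    before  => Class['firewall::post'],
    notify  => Exec['persist-firewall'],
  }
}

node 'db01.example.com' {
  # No 'include firewall': nothing is purged, local iptables rules stay.
}
```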