> I am trying to use this module, but I think I am missing something in the
> setup.
>
> From https://github.com/puppetlabs/puppetlabs-firewall it says:
>
> With the latest version, we now have in-built persistence, ...you need some
> basic setup to define pre & post rules.
>
> resources { "firewall":
>   purge => true
> }
> Firewall {
>   before  => Class['my_fw::post'],
>   require => Class['my_fw::pre'],
> }
> class { ['my_fw::pre', 'my_fw::post']: }
> class { 'firewall': }
>
> In my environment, I am working from a basenode definition that then gets
> expanded based on location/role -- internal_server, dmz_server, etc.
>
> So, would I put the resources described above in my basenode ?

Yes, or at least somewhere that all the nodes that use the firewall
resource can see it.

> And then add
> node-specific additions in the following node definitions ?

Yes, this is one way to do it.

> And regarding the mentioned built-in persistence: Does it generate
> /etc/sysconfig/iptables ?  If not, I will need to add it back in.  On our
> systems, we depend on that file to persist the firewall across a reboot

Yes, it does. We run 'service iptables save' for this to take effect
on Red Hat/CentOS.

ken.
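
The layout discussed in this thread, as an added example that is not part of the original message or the module's own code. The node names, the SSH rule and its source range are hypothetical; the `my_fw::pre`/`my_fw::post` bodies follow the pattern from the module's README of that era (`action` parameter, Puppet 3-style node inheritance as the basenode in the question implies).

```puppet
# Added example; node names, the SSH rule and its source range are hypothetical.

class my_fw::pre {
  # Clear the global default so these rules do not require their own class.
  Firewall { require => undef }

  firewall { '000 accept all icmp':
    proto  => 'icmp',
    action => 'accept',
  }
  firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }
  firewall { '002 accept related established':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
}

class my_fw::post {
  # Final catch-all; before => undef avoids a dependency on its own class.
  firewall { '999 drop all':
    proto  => 'all',
    action => 'drop',
    before => undef,
  }
}

node basenode {
  # Remove any rule on the host that Puppet does not manage.
  resources { 'firewall': purge => true }
  # Every other firewall rule is applied after pre and before post.
  Firewall {
    before  => Class['my_fw::post'],
    require => Class['my_fw::pre'],
  }
  class { ['my_fw::pre', 'my_fw::post']: }
  class { 'firewall': }
}

node 'dmz01.example.com' inherits basenode {
  # Node-specific addition; sorts between the 00x and 999 rules by name.
  firewall { '100 allow ssh from management range':
    proto  => 'tcp',
    dport  => 22,
    source => '192.0.2.0/24',
    action => 'accept',
  }
}
```

Because `purge => true` removes unmanaged rules and the 999 rule drops everything else, run the first deployment with `puppet agent --test --noop` and confirm the accept rule for your management access is in the catalog before enforcing.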
