> I am trying to use this module, but I think I am missing something in the
> setup.
>
> From https://github.com/puppetlabs/puppetlabs-firewall it says:
>
> With the latest version, we now have in-built persistence, ...you need some
> basic setup to define pre & post rules.
>
> resources { "firewall":
>   purge => true
> }
> Firewall {
>   before  => Class['my_fw::post'],
>   require => Class['my_fw::pre'],
> }
> class { ['my_fw::pre', 'my_fw::post']: }
> class { 'firewall': }
>
> In my environment, I am working from a basenode definition that then gets
> expanded based on location/role -- internal_server, dmz_server, etc.
>
> So, would I put the resources described above in my basenode?

Yes, or at least somewhere that all the nodes that use the firewall
resource can see it.

> And then add
> node-specific additions in the following node definitions?

Yes, this is one way to do it.

> And regarding the mentioned built-in persistence: Does it generate
> /etc/sysconfig/iptables? If not, I will need to add it back in. On our
> systems, we depend on that file to persist the firewall across a reboot

Yes, it does. We run 'service iptables save' for this to take effect on
Redhat/Centos.

ken.
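
The `my_fw::pre` and `my_fw::post` classes that the quoted snippet depends on are not shown in this thread. The following is an added example, not part of the original messages, of one way to define them together with a node-specific rule. The class names come from the quoted snippet; the rule titles, node name and ports are assumptions, and the `action` and `dport` parameter names follow module releases from the time of this thread.

```puppet
# Rules applied before any node-specific rule (lowest numbers sort first).
class my_fw::pre {
  # Rules in this class must not inherit the global
  # "require => Class['my_fw::pre']" default, or they depend on themselves.
  Firewall {
    require => undef,
  }

  firewall { '000 accept all icmp':
    proto  => 'icmp',
    action => 'accept',
  }
  -> firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }
  -> firewall { '002 accept related established rules':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
  # With purge => true and a final drop rule, management access has to be
  # allowed explicitly or new SSH sessions are refused.
  -> firewall { '010 accept ssh':
    proto  => 'tcp',
    dport  => 22,
    action => 'accept',
  }
}

# Catch-all applied after every other rule.
class my_fw::post {
  firewall { '999 drop all':
    proto  => 'all',
    action => 'drop',
    before => undef,   # override the global "before => Class['my_fw::post']"
  }
}

# Node-specific addition (hypothetical node name); the resource defaults
# from the base setup order it between the pre and post classes.
node 'dmz-web01.example.com' {
  firewall { '100 accept http and https':
    proto  => 'tcp',
    dport  => [80, 443],
    action => 'accept',
  }
}
```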
