Excellent!
How about if I do it this way:
class my_fw {
  resources { "firewall":
    purge => true
  }
  Firewall {
    before  => Class['my_fw::post'],
    require => Class['my_fw::pre'],
  }
  class { ['my_fw::pre', 'my_fw::post']: }
  class { 'firewall': }
}
Then all I need do is put
class {'my_fw': }
in my node definition. That bundles it up nice and neat.
“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.”
Bill Watterson (Calvin & Hobbes)
----- Original Message -----
From: "Ken Barber" <[email protected]>
To: "Puppet Users" <[email protected]>
Sent: Wednesday, April 3, 2013 11:59:32 AM
Subject: Re: [Puppet Users] puppetlabs-firewall usage questions
> I am trying to use this module, but I think I am missing something in the
> setup.
>
> From https://github.com/puppetlabs/puppetlabs-firewall it says:
>
> With the latest version, we now have in-built persistence, ...you need some
> basic setup to define pre & post rules.
>
> resources { "firewall":
>   purge => true
> }
> Firewall {
>   before  => Class['my_fw::post'],
>   require => Class['my_fw::pre'],
> }
> class { ['my_fw::pre', 'my_fw::post']: }
> class { 'firewall': }
>
> In my environment, I am working from a basenode definition that then gets
> expanded based on location/role -- internal_server, dmz_server, etc.
>
> So, would I put the resources described above in my basenode?
Yes, or at least somewhere that all the nodes that use the firewall
resource can see it.
> And then add
> node-specific additions in the following node definitions?
Yes this is one way to do it.
> And regarding the mentioned built-in persistence: Does it generate
> /etc/sysconfig/iptables? If not, I will need to add it back in. On our
> systems, we depend on that file to persist the firewall across a reboot.
Yes, it does. We run 'service iptables save' for this to take effect
on Redhat/Centos.
ken.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.
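The setup discussed in this thread refers to Class['my_fw::pre'] and Class['my_fw::post'] without showing them. The following is an added example, not part of the original thread and not the module's own code: it shows those two classes with the defaults kept at top scope as in the quoted README excerpt, plus a basenode and one inheriting node. The rule names, the rule set and the host name dmz01.example.com are assumptions, and the parameter names are those of the firewall type at the time of the thread.

```puppet
# site.pp (top scope), as in the README excerpt quoted above.
resources { 'firewall':
  purge => true,  # remove iptables rules Puppet does not manage
}
Firewall {
  before  => Class['my_fw::post'],
  require => Class['my_fw::pre'],
}
# Applied first. Rule names and rule set are assumptions for this example.
class my_fw::pre {
  Firewall { require => undef }  # no dependency loop with the default above
  firewall { '000 accept all icmp':
    proto  => 'icmp',
    action => 'accept',
  }->
  firewall { '001 accept all to lo interface':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }->
  firewall { '002 accept related established rules':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
}

# Applied last: default deny.
class my_fw::post {
  firewall { '999 drop all':
    proto  => 'all',
    action => 'drop',
    before => undef,  # no dependency loop with the default above
  }
}

node basenode {
  class { ['my_fw::pre', 'my_fw::post']: }
  class { 'firewall': }
}

# Hypothetical node adding a role-specific rule on top of basenode.
node 'dmz01.example.com' inherits basenode {
  firewall { '100 allow ssh':
    proto  => 'tcp',
    dport  => 22,
    action => 'accept',
  }
}
```

Running the agent with --noop before the first real run shows which existing, unmanaged rules the purge setting would remove.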