Hi,
I have used the following to set default policy.
firewallchain { 'FORWARD:filter:IPv4':
ensure => present,
policy => drop,
}
firewallchain { 'INPUT:filter:IPv4':
ensure => present,
policy => drop,
}
Andy
On Friday, 16 March 2012 22:28:06 UTC, Krzysztof Wilczynski wrote:
>
> HI Chris,
>
> Awesome, +1 :)
>
> KW
>
> On Friday, 16 March 2012 22:09:34 UTC, Chris O'Donnell wrote:
>>
>> FYI, I downloaded the following branch this morning:
>>
>> git clone -b ticket/10162-firewallchain_support_for_merge git://
>> github.com/kbarber/puppetlabs-firewall.git
>>
>> and found a bug where the args for iptables were being fed to it in the
>> wrong order. I made the following patch, and emailed it to Ken:
>>
>> --- iptables_chain.rb.orig 2012-03-16 17:14:29.000000000 -0400
>> +++ iptables_chain.rb 2012-03-16 16:31:40.000000000 -0400
>> @@ -73,7 +73,7 @@
>>
>> def policy=(value)
>> return if value == :empty
>> - allvalidchains do |t, table, chain|
>> + allvalidchains do |t, chain, table|
>> p = ['-t',table,'-P',chain,value.to_s.upcase]
>> debug "[set policy] #{t} #{p}"
>> t.call p
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c13fc207-6c5e-4079-afe7-74da99973d66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
