If it helps, this is what I see when running in debug mode:
debug: /Stage[main]/My_fw::Post/Firewall[999 drop all]/require: requires Class[My_fw::Pre]
debug: /Stage[main]/My_fw::Pre/Firewall[001 accept all to lo interface]/before: requires Firewall[002 accept related established rules]
debug: /Stage[main]/Firewall::Linux::Redhat/require: requires Package[iptables]
debug: /Stage[main]/My_fw::Pre/Firewall[000 accept all icmp]/before: requires Firewall[001 accept all to lo interface]
debug: /Stage[main]/My_fw::Pre/Firewall[100 allow http and https access]/before: requires Class[My_fw::Post]
debug: /Stage[main]/My_fw::Pre/Firewall[002 accept related established rules]/before: requires Class[My_fw::Post]
debug: /Stage[main]/Users/User[pepe]: Autorequiring Group[shame]
debug: /Schedule[daily]: Skipping device resources because running on a host
debug: /Schedule[monthly]: Skipping device resources because running on a host
debug: /Schedule[hourly]: Skipping device resources because running on a host
debug: /Schedule[never]: Skipping device resources because running on a host
debug: Prefetching yum resources for package
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}
''
debug: Service[iptables](provider=redhat): Executing '/sbin/service iptables status'
debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/chkconfig iptables'
On Tuesday, July 1, 2014 16:17:30 UTC-3, Pablo Morales wrote:
>
> Hi there guys
> I'm new to Puppet. I think it's a great tool and I'm trying to configure
> some tasks to perform automatically, like users and some services, which I
> had no problems with until now with iptables. This is what I've got:
>
> server and client:
> CentOS release 6.5 (Final)
>
> On client:
> puppet-2.7.25-2.el6.noarch
>
> On server:
> puppet-server-3.6.2-1.el6.noarch
> puppet-3.6.2-1.el6.noarch
>
> I'm following this:
> https://forge.puppetlabs.com/puppetlabs/firewall
>
> My config on server:
> /etc/puppet/modules/my_fw/manifests
> post.pp
> pre.pp
> class my_fw::post {
>   firewall { '999 drop all':
>     proto  => 'all',
>     action => 'drop',
>     before => undef,
>   }
> }
>
> class my_fw::pre {
>   Firewall {
>     require => undef,
>   }
>
>   # Default firewall rules
>   firewall { '000 accept all icmp':
>     proto  => 'icmp',
>     action => 'accept',
>   }->
>   firewall { '001 accept all to lo interface':
>     proto   => 'all',
>     iniface => 'lo',
>     action  => 'accept',
>   }->
>   firewall { '002 accept related established rules':
>     proto   => 'all',
>     ctstate => ['RELATED', 'ESTABLISHED'],
>     action  => 'accept',
>   }
>
>   firewall { '100 allow http and https access':
>     port   => [80, 443],
>     proto  => tcp,
>     action => accept,
>   }
>
> }
>
> /etc/puppet/manifests
> site.pp
> # tell puppet on which client to run the class
> node slnxserver {
>
>   include users
>
>   #resources { "firewall":
>   #purge => true
>   #}
>
>   Firewall {
>     before  => Class['my_fw::post'],
>     require => Class['my_fw::pre'],
>   }
>
>   class { ['my_fw::pre', 'my_fw::post']: }
>   class { 'firewall': }
> }
>
> On the client I see the following:
> tail -f /var/log/messages
> Jul 1 16:01:09 slnxserver puppet-agent[16431]: Finished catalog run in 0.35 seconds
> Jul 1 16:02:41 slnxserver puppet-agent[16431]: Finished catalog run in 0.33 seconds
> Jul 1 16:04:13 slnxserver puppet-agent[16431]: Finished catalog run in 0.30 seconds
> Jul 1 16:05:45 slnxserver puppet-agent[16431]: Finished catalog run in 0.28 seconds
> Jul 1 16:07:17 slnxserver puppet-agent[16431]: Finished catalog run in 0.29 seconds
>
> No problems reported, but it seems the iptables rules are not applied. Am
> I missing something else?
>
> The 80:443 ports are not applied:
>
> iptables -nL
> Chain INPUT (policy ACCEPT)
> target prot opt source destination
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
>
> Chain OUTPUT (policy ACCEPT)
> target prot opt source destination
>
> If I uncomment the resource statement above I get:
> puppet-agent[16431]: Failed to apply catalog: Parameter name failed on Resources[firewall]: Could not find resource type 'firewall' at /etc/puppet/manifests/site.pp:8
>
>
> Thanks for your time and support, any help appreciated.
> Regards