Hi,
I haven't used a similar rule on iptables, so I don't know if the one
puppet created is equivalent.
So the next step, I think, would be to check the different iptables output from
the same rule: the one created by the command line and the one created by puppet.
The steps would be:
1.- Flush the iptables table
2.- Create the rule by command line
3.- Save the output of "iptables -L"
4.- Flush the iptables table
5.- Create the rule again using puppet
puppet apply -e "
firewall { '9001 b869ac85751524ce9edb979d29058969':
  ensure     => 'present',
  action     => 'drop',
  chain      => '--hashlimit-mode',
  dport      => ['bad-client'],
  iniface    => 'srcip',
  isfragment => 'false',
  proto      => '--hashlimit-name',
  random     => 'false',
  rdest      => 'false',
  reap       => 'false',
  rsource    => 'false',
  rttl       => 'false',
  socket     => 'false',
  table      => 'filter',
}
"
6.- Save the output of "iptables -L"
7.- Compare both outputs to see if both ways generate the same output
Hope it helps
Best regards
--------------------------------------------------------------------------------------
Juan Sierra Pons [email protected]
Linux User Registered: #257202
Web: http://www.elsotanillo.net Git: http://www.github.com/juasiepo
GPG key = 0xA110F4FE
Key Fingerprint = DF53 7415 0936 244E 9B00 6E66 E934 3406 A110 F4FE
--------------------------------------------------------------------------------------
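Added example, not part of the original message: one way to do the comparison in steps 3, 6 and 7 from saved dumps. It assumes the dumps were taken with `iptables -S` rather than `iptables -L`, and that the puppet-created rule carries the resource title as a `-m comment` match; the file names and the rule text in the samples are constructed.

```shell
#!/bin/sh
# Added example: compare two saved `iptables -S` dumps (steps 3, 6 and 7).

# Strip what legitimately differs between the two dumps: packet/byte counters
# and the "-m comment" match (assumption: the puppet firewall type stores the
# resource title as a rule comment).
normalize_rules() {
    sed -E \
        -e 's/^\[[0-9]+:[0-9]+\] //' \
        -e 's/ -m comment --comment ("[^"]*"|[^ ]+)//' \
        -e 's/[[:space:]]+/ /g' -e 's/ $//' "$1"
}

# Return 0 when both dumps hold the same rules in the same order;
# otherwise print a unified diff and return 1.
rules_match() {
    a=$(mktemp); b=$(mktemp)
    normalize_rules "$1" >"$a"; normalize_rules "$2" >"$b"
    if diff -u "$a" "$b"; then rc=0; else rc=1; fi
    rm -f "$a" "$b"
    return "$rc"
}

# Constructed sample dumps (not taken from a real host).
write_samples() {
    cat >"$1/cli.rules" <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m hashlimit --hashlimit-above 10/sec --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name bad-client -j DROP
EOF
    cat >"$1/puppet_ok.rules" <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m hashlimit --hashlimit-above 10/sec --hashlimit-burst 5 --hashlimit-mode srcip --hashlimit-name bad-client -m comment --comment "9001 b869ac85751524ce9edb979d29058969" -j DROP
EOF
    cat >"$1/puppet_bad.rules" <<'EOF'
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m comment --comment "9001 b869ac85751524ce9edb979d29058969" -j DROP
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in puppet_ok puppet_bad; do
    if rules_match "$dir/cli.rules" "$dir/$f.rules" >/dev/null; then
        echo "$f: equivalent to the command-line rule"
    else
        echo "$f: differs from the command-line rule"
    fi
done
```

On a real host, replace the sample files with dumps captured after steps 2 and 5; a non-empty diff shows exactly which match options puppet dropped or changed.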