Hi,
this is more of a puppet-users question, actually.
On 09/10/2014 04:16 PM, Marco wrote:
> firewall { '000 drop all except TCP 22':
>   action  => 'drop',
>   iniface => 'eth0',
>   proto   => '! TCP',
>   port    => ['! 22'],
> }
This would not do what you think it does, anyway. It targets packets
that are neither TCP nor port 22, so all of TCP would still be accepted.
Also udp/22 :-)
> firewall { '000 drop all':
>   action  => 'drop',
>   iniface => 'eth0',
>   proto   => 'all',
> }
>
> and
>
> firewall { '000 accept TCP 22':
>   action  => 'accept',
>   iniface => 'eth0',
>   proto   => 'tcp',
>   port    => [22],
> }
They share the same priority. Why? The whitelisting rule should always
precede the catch-all drop.
Have you tried '999 drop all'?
Best,
Felix
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-dev/541067CD.9060107%40alumni.tu-berlin.de.
For more options, visit https://groups.google.com/d/optout.
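An added example, written by the editor and not taken from either message in the thread, showing the ordering Felix describes in a puppetlabs-firewall manifest. The module sorts rules by the numeric prefix of the resource title, so the accept rule needs a lower number than the catch-all drop. The interface name, the explicit `chain`, the use of `dport` instead of `port`, and the conntrack rule for established connections are this example's assumptions, not something the original poster wrote:

```puppet
# Added example (editor's, not from the thread): firewall resources from the
# puppetlabs-firewall module, numbered so the whitelist sorts before the drop.
# Interface, chain and the conntrack rule are assumptions for this example.

# Keep replies to connections this host initiated. Without this, a catch-all
# drop on INPUT also discards return traffic for outbound connections.
firewall { '001 accept related established':
  chain   => 'INPUT',
  action  => 'accept',
  iniface => 'eth0',
  proto   => 'all',
  ctstate => ['RELATED', 'ESTABLISHED'],
}

# Whitelist first: SSH on TCP/22 only (dport, not the negated proto/port pair).
firewall { '100 accept TCP 22':
  chain   => 'INPUT',
  action  => 'accept',
  iniface => 'eth0',
  proto   => 'tcp',
  dport   => 22,
}

# Catch-all last: a high number guarantees it sorts after every accept rule.
firewall { '999 drop all':
  chain   => 'INPUT',
  action  => 'drop',
  iniface => 'eth0',
  proto   => 'all',
}
```

After the agent run, `iptables -S INPUT` shows the rules in this order, each tagged with its title via the `-m comment` match the module adds, which is the quickest way to confirm that the accept rules sit above the drop.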