Hey Marc - I was hoping you would join in the discussion :-). > Thanks for your patches on this module ! I love the --comment idea. I > will definitely pull this asap.
Thanks for writing puppet-iptables in the first place - I use it all the time and it really makes my life easier. > I'm not too comfortable with the idea of directly calling iptables-save > in the ruby code and saving the output into a file. IMHO, the point of > saving the output to a file is to be able to load the firewall at boot > time, and the way this is done is distribution specific. I think this > should be left out of the ruby part, and maybe put in some puppet class > which does the right thing for each distribution. But of course, notify > needs to be fixed first... Hmm. I see your point re: worrying about OS dependant stuff - but examples of this are littered throughout most providers (including core) so its not abnormal to do it this way. I don't think its as hard as you think, but obviously if someone tries to use the module on a distro that isn't supported you can always do nothing by default. Of course some users may not want persistence and would want to turn it off ... The convenience of having your module 'just work' without extra magic is a + for users I would imagine. At least for me it is. *shrug*. > Any pointer on this is very welcome: what sort of magic must be put in > a puppet type to allow it to send notification to other resources once > it has run ? I'll take a look tonight. I think because you do all your changes quite late in the flow it might pose some problems with ordering. Let me take a proper look. ken. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-us...@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.