I have been working on doing something similar to this. We want to abstract for multiple OS's and deal with the joy that is Solaris zones.
Essentially, it will be a resource that defines the fw rules in XML and then a script takes all of those definitions and creates a complete set of firewall rules. I am waiting to hear back on our code release policy to see what it takes to release it once I am done.

-- cwebber

On Jul 10, 2011, at 12:32 PM, Alessandro Franceschi wrote:

> FYI
> I don't know if it may be useful, but I've done this:
> https://github.com/example42/puppet-modules/tree/master/iptables
> which can be used in 2 ways:
> - a "standard" iptable-save approach (set $iptables_config = "file" beforehand to
> enable it) with rules file defined in
> https://github.com/example42/puppet-modules/blob/master/iptables/manifests/file.pp
> (here you have to add source or content arguments to manage it with static
> files or templates according to your need)
> - an "automatic" way (default option when you include the module) that
> dynamically builds iptables rules according to the modules you include and
> the iptables related variables you set (see the README)
> This actually works if you use the Example42 modules (or at least the
> firewall defines included in each one).
> It's quite nice to see it working adding or removing dynamically but, I must
> admit, is a bit resource intensive (a puppet resource for each dynamic rule).
>
> Regards
> Al @ Lab42
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/puppet-users/-/KSn4hF687gQJ.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.