Hi all,
I'm attempting to use the puppetlabs-firewall module. In testing,
rules are enabled in a random order, so it seems necessary to utilize
puppet stages to guarantee proper ordering.
I created a module to organize my firewalling. It consists of
localfw::pre to open the INPUT chain for established and related
connections, localfw::default for most normal rules, and localfw::post
to block everything else.
I run localfw::pre before stage[main] and localfw::post after. This
has fixed my firewall rules ordering issue, yay. However, rules are
now not being saved :(
I tried adding include localfw::config to ::pre, ::post, and ::default
which consisted of the persistence definitions:
    # Dump the live ruleset to disk; only runs when a Firewall resource notifies it.
    exec { "persist-firewall":
      command     => "/sbin/iptables-save > /var/lib/iptables/rules.v4",
      require     => File["/var/lib/iptables"],
      refreshonly => true,
    }
    # Resource default: every Firewall resource in scope should notify the exec.
    Firewall {
      notify => Exec["persist-firewall"],
    }
and while I don't get any errors, I also don't get any firewall rules
saved. It appears that Firewall never kicks to run the exec. If I add
these bits to localfw::pre, then the pre rules get saved. If I add to
localfw::post then all get saved, as expected. But in that case,
normal firewall changes to a node don't cause localfw::post to run
again, and thus aren't saved.
What is the recommended way to save iptables rules for persistence
when using puppet stages? Has anyone made this work?
Thanks
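One layout that persists rules declared across several run stages, written here as an added example rather than code from the post or from the puppetlabs-firewall module. Two points drive it: a resource default such as `Firewall { notify => ... }` only applies to resources declared in the scope of the class that sets it (so a default in localfw::config never reaches the rules in localfw::pre or localfw::post), whereas a resource collector `Firewall <| |>` matches every Firewall resource in the catalog regardless of class or stage; and the persistence exec must live in the last stage, so that notifications from rules in earlier stages agree with the stage ordering. The class names follow the post; the stage names, the localfw::persist class, the save path and the specific rules are assumptions.

```puppet
# Added example, not the original poster's manifest. Stage names, the
# localfw::persist class, the save path and the sample rules are assumed.

# Run pre rules before main and post rules (plus the save) after main.
stage { 'fw_pre':  before  => Stage['main'] }
stage { 'fw_post': require => Stage['main'] }

class localfw::pre {
  firewall { '000 accept related and established':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
  firewall { '001 accept loopback':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }
}

class localfw::default {
  firewall { '100 allow ssh':
    proto  => 'tcp',
    dport  => 22,
    action => 'accept',
  }
}

class localfw::post {
  firewall { '999 drop all other input':
    proto  => 'all',
    action => 'drop',
  }
}

class localfw::persist {
  file { '/var/lib/iptables':
    ensure => directory,
  }
  # Single persistence target. It is placed in the last stage (see the
  # declarations below), so a notification from a rule in any stage never
  # points backwards across a stage boundary.
  exec { 'persist-firewall':
    command     => '/sbin/iptables-save > /var/lib/iptables/rules.v4',
    provider    => 'shell',      # explicit: the redirection needs a shell
    require     => File['/var/lib/iptables'],
    refreshonly => true,
  }
  # Collector, not a resource default: this matches every Firewall
  # resource in the whole catalog, so a change to any rule, in any
  # class or stage, triggers the save.
  Firewall <| |> ~> Exec['persist-firewall']
}

class { 'localfw::pre':     stage => 'fw_pre' }
class { 'localfw::default': }
class { 'localfw::post':    stage => 'fw_post' }
class { 'localfw::persist': stage => 'fw_post' }
```

Because the collector builds the notify edges itself, none of the rule classes need to know about persistence, and localfw::config with its resource default becomes unnecessary.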