Re: [Puppet Users] puppetlabs-firewall and removing a parameter

2015-08-10 Thread Matthias Saou
Hi,

So... no answers... bug report filed! :-)

https://tickets.puppetlabs.com/browse/MODULES-2376

Matthias

On Mon, 3 Aug 2015 13:26:07 +0200
Matthias Saou  wrote:

> Hi,
> 
> I had this applied to my nodes :
> 
>   firewall { "${prenumber}7 portknock let connections through":
> action   => 'accept',
> chain=> 'INPUT',
> dport=> $dports,
> proto=> 'tcp',
> recent   => 'rcheck',
> rname=> "${prefix}_heaven",
> rseconds => $seconds,
>   }
> 
> With $seconds set to '3'. Now I want to remove it entirely, which will
> mean "forever", but I just can't figure out how to do it, or even if
> it's possible at all.
> 
> When I set to undef, false or even remove the $rseconds line entirely,
> puppet just leaves the previous value on existing nodes. For new nodes
> or if I manually remove all iptables rules first, then the new rule
> gets created without any "--seconds 3" as expected.
> 
> How can I tell puppet to actually remove that parameter from existing
> rules instead of stop caring about the value?
> 
> Matthias
> 



-- 
Matthias Saou  ██  ██
 ██  ██
Web: http://matthias.saou.eu/  ██
Mail/XMPP:  matth...@saou.eu   ██  
   ██
GPG: 4096R/E755CC63██  ██  ██
 8D91 7E2E F048 9C9C 46AF  ██  ██  ██  ██
 21A9 7A51 7B82 E755 CC63  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20150810133509.16e8af53%40r2d2.marmotte.net.
For more options, visit https://groups.google.com/d/optout.


[Puppet Users] puppetlabs-firewall and removing a parameter

2015-08-03 Thread Matthias Saou
Hi,

I had this applied to my nodes :

  firewall { "${prenumber}7 portknock let connections through":
action   => 'accept',
chain=> 'INPUT',
dport=> $dports,
proto=> 'tcp',
recent   => 'rcheck',
rname=> "${prefix}_heaven",
rseconds => $seconds,
  }

With $seconds set to '3'. Now I want to remove it entirely, which will
mean "forever", but I just can't figure out how to do it, or even if
it's possible at all.

When I set to undef, false or even remove the $rseconds line entirely,
puppet just leaves the previous value on existing nodes. For new nodes
or if I manually remove all iptables rules first, then the new rule
gets created without any "--seconds 3" as expected.

How can I tell puppet to actually remove that parameter from existing
rules instead of stop caring about the value?

Matthias

-- 
Matthias Saou  ██  ██
 ██  ██
Web: http://matthias.saou.eu/  ██
Mail/XMPP:  matth...@saou.eu   ██  
   ██
GPG: 4096R/E755CC63██  ██  ██
 8D91 7E2E F048 9C9C 46AF  ██  ██  ██  ██
 21A9 7A51 7B82 E755 CC63  

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/20150803132607.62797e1d%40r2d2.marmotte.net.
For more options, visit https://groups.google.com/d/optout.