On Thursday, June 27, 2013 6:33:37 AM UTC-5, Ken Barber wrote:

* The ports that all nodes share in common I am adding to the
modules/my_firewall/manifests/init.pp file, but the ports that are specific
to a node I am adding to the node definition in manifests/site.pp. What
should I do to prevent the firewall rules from becoming unwieldy in my
site.pp file? It is fine if there are only a few ports open, but once I
start adding a lot of ports to the nodes it gets rather big. Any
suggestions, or is it common to have rather large node definitions?
You can of course provide a list of dport/sport's as an array -

I have been doing that for services with multiple ports. The only service I
haven't figured out out to join in one statement was DNS which requires
port 53 with TCP and UDP. When I tried making that an array, it only set
TCP and not UDP:
proto => ['tcp','udp'],

When I set it to 'all' it worked, but I would rather just have two rules
then 'all'. ;-)

however I normally associate a firewall port being opened with a
particular class/app and have the firewall definition defined there,
then by including the class you get the open port. For example, my
mysql module would open port 3306.
That is a great idea. It also ensures that I don't forget to open the
firewall when I add a module to a new system.

Yeah, it was made up - or at least, it was an old range that was
changed later on.

Great. I just wanted to ensure I wasn't going to cause myself problems for
picking numbers so high.

Thanks Ken!

You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscribe@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users.
For more options, visit https://groups.google.com/groups/opt_out.

Search Discussions

Discussion Posts


Related Discussions

Discussion Navigation
viewthread | post
posts ‹ prev | 3 of 3 | next ›
Discussion Overview
grouppuppet-users @
postedJun 27, '13 at 1:48a
activeJun 27, '13 at 12:47p

2 users in discussion

Stack Kororā: 2 posts Ken Barber: 1 post



site design / logo © 2021 Grokbase