I'm still a bit noobish with puppet...

In short what I want to do is merge puppet managed iptables with
dynamically added rules added by some scripts. We have a basic config
setup with a template (iptables.erb) and we can add rules to that in
manifests. But of course puppet will wipe any changes made from the OS.
Any advice on how to get puppet to respect the dynamically loaded rules?

Thanks.
-G


--
-----------------------------------------------
Geoff Galitz, ggalitz@shutterstock.com
WebOps
Shutterstock Images

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.


  • Matt Zagrabelny at Aug 15, 2012 at 7:56 pm
    Perhaps put them in a chain of their own?

    I am not sure if puppet will delete chains.

    -mz
  • Luke Baker at Aug 15, 2012 at 8:55 pm
    By dynamically loading rules do you mean executing iptables <rule> or are
    you editing your iptables-save file and then reloading?
  • Geoff Galitz at Aug 15, 2012 at 9:07 pm
    We are executing iptables <rule>, not editing the backend files, though we
    could do that if that were the only option.

    -G

  • Peter Brown at Aug 16, 2012 at 6:01 am
    Hi,

    I manage my iptables setup with the concat module and nail together a
    rules file and then reload it if it's changed.
    I also have a define setup so other classes can define rules and my
    firewall class pulls them all in.
    Works well for me because when I remove a class the firewall rule
    associated with it goes away too.

    I am intending on putting my modules in GitHub but have been super
    busy and haven't had a chance yet.
  • Justin Ellison at Aug 16, 2012 at 7:27 pm
    I can't say enough good about the puppetlabs-firewall module. They've put
    a lot of work into it, and it works perfectly.

    https://github.com/puppetlabs/puppetlabs-firewall

    No need for concat here.

    Justin
  • Dan White at Aug 16, 2012 at 8:13 pm
    I have an open issue against it, but otherwise I agree.

    http://projects.puppetlabs.com/issues/14413

    If I could come up with a workaround for this, I would be a very happy camper.


    “Sometimes I think the surest sign that intelligent life exists elsewhere in the universe is that none of it has tried to contact us.”
    Bill Waterson (Calvin & Hobbes)

  • Peter Brown at Aug 19, 2012 at 11:49 pm
    I have been meaning to have a look at that one and see if it will work
    for what I need.
    I have likely put it off because I am always too busy and my firewall
    module works.
    I also like having the rules go away automagically if they aren't
    needed any more.
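
Added example, not part of any post in this thread and not code from the concat or puppetlabs-firewall modules: one way to combine the "chain of their own" suggestion with a rendered rules file that is reloaded on change is to copy that one chain's live rules into the file before loading it. The chain name DYNAMIC, the function merge_dynamic_chain and all sample rules are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: DYNAMIC, merge_dynamic_chain and every rule below are constructed.

# merge_dynamic_chain LIVE_DUMP MANAGED_FILE [CHAIN]
#   LIVE_DUMP     output of `iptables-save` taken just before the reload
#   MANAGED_FILE  rules file rendered by Puppet (iptables-restore format)
# Prints MANAGED_FILE with the live filter-table rules of CHAIN re-inserted
# ahead of COMMIT. Returns 1 if MANAGED_FILE does not declare CHAIN, so the
# caller never loads a ruleset that would silently drop the dynamic rules.
merge_dynamic_chain() {
    awk -v chain="${3:-DYNAMIC}" '
        FNR == 1 { table = "" }
        /^[*]/   { table = substr($0, 2) }
        # Live dump: remember the rules of the dynamic chain, print nothing.
        FILENAME == ARGV[1] {
            if (table == "filter" && $1 == "-A" && $2 == chain) keep[++n] = $0
            next
        }
        # Managed file: pass through, adding the kept rules before COMMIT.
        table == "filter" && $1 == (":" chain) { declared = 1 }
        table == "filter" && $0 == "COMMIT" {
            for (i = 1; i <= n; i++) print keep[i]
        }
        { print }
        END { exit(declared ? 0 : 1) }
    ' "$1" "$2"
}

work=$(mktemp -d)

# Constructed sample: what the Puppet template renders.
cat > "$work/managed" <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:DYNAMIC - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DYNAMIC
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF

# Constructed sample: live state after scripts ran `iptables -A ...`.
# Only the rule in DYNAMIC is meant to survive; the ad-hoc INPUT rule is not.
cat > "$work/live" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
:INPUT DROP [12:840]
:DYNAMIC - [0:0]
-A INPUT -j DYNAMIC
-A INPUT -s 198.51.100.9/32 -j ACCEPT
-A DYNAMIC -s 203.0.113.7/32 -j DROP
COMMIT
EOF

merge_dynamic_chain "$work/live" "$work/managed" > "$work/merged"
cat "$work/merged"
```

Write the merged output to a temporary file and check it with `iptables-restore --test` before loading it. Rules in the dynamic chain are outside Puppet's review, so where the template places the jump to that chain decides which managed rules they can pre-empt.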
