I'm trying to be able to use puppet to modify an existing firewall on a web server.

The idea is that if I use puppet to do this, then if the machine ever has to be rebuilt, aside from backups, I have a documented configuration.

I looked at the module that was on the wiki that had a perl program and whatnot, but I don't think I'm clear on what my thinking should be as I go through this.

So I will tell you what I am currently thinking, and hopefully I'll be on the right track. :)

I have a master server and one puppet client. Here is where things get fuzzy for me.

I'm not sure how I would accomplish the task of editing the iptables firewall on the puppet client.

What I'd like to do is something like this:

    define task ( firewall:
        add rule
        add rule
        delete rule
    }

    node puppetclient {
        apply firewall
    }

I read through a good majority of the docs last night, but didn't come out with how I might do this.

Pummel me if you must! :)

Thanks for any help.

Mike B.
barsalou wrote:
> I'm trying to be able to use puppet to modify an existing firewall on a
> web server.
>
> The idea is that if I use puppet to do this, then if the machine ever
> has to be rebuilt, aside from backups, I have a documented
> configuration.
>
> I looked at the module that was on the wiki that had a perl program and
> whatnot, but I don't think I'm clear on what my thinking should be as
> I go through this.
>
> So I will tell you what I am currently thinking, and hopefully I'll be
> on the right track. :)
>
> I have a master server and one puppet client. Here is where things
> get fuzzy for me.
>
> I'm not sure how I would accomplish the task of editing the iptables
> firewall on the puppet client.
>
> What I'd like to do is something like this:
>
>     define task ( firewall:
>         add rule
>         add rule
>         delete rule
>     }
>
>     node puppetclient {
>         apply firewall
>     }

IMHO, you'd be better off copying an iptables script or /etc/sysconfig/iptables, for example.

Regards,

--
Ugo Bellavance (ugob@lubik.ca)
IT Security Consultant
Lubik Inc.
Web site: http://www.lubik.ca
Tel.: 514-907-3253 # Toll-free: 866-507-3253 # Fax: 1-866-334-1426
On Jul 6, 2007, at 1:36 PM, barsalou wrote:
> What I'd like to do is something like this:
>
>     define task ( firewall:
>         add rule
>         add rule
>         delete rule
>     }
>
>     node puppetclient {
>         apply firewall
>     }

Don't think about it in terms of verbs, just stick to nouns. What rules do you want to have? What rules do you want to be absent?

Use the iptables example that Digant posted earlier this week and declare the rules you want.

--
Aizu's Second Law:
    What changes the world is communication, not information.
---------------------------------------------------------------------
Luke Kanies | http://reductivelabs.com | http://madstop.com
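A concrete form of what both replies are pointing at, as an added example that is not from this thread and not the wiki module or the example Digant posted: instead of "add rule / delete rule" verbs, the manifest declares the complete rule set as a file, and the host converges to exactly that file on every run and after any rebuild. It assumes a Red Hat-style client where /etc/sysconfig/iptables is the persisted rule set loaded by the iptables init script, an iptables-restore that supports the `--test` parse-only flag, and the class name firewall::webserver and the rules themselves are made up for illustration (SSH, HTTP and HTTPS inbound, everything else dropped).

```puppet
# Added example (not from the original thread). Assumes a RHEL/CentOS-style
# host: /etc/sysconfig/iptables is the saved rule set and the "iptables"
# service loads it. The class name and the rules below are illustrative.

class firewall::webserver {

  # The whole policy, declared once. Rules you want absent are simply not in
  # this file, so there is no need to express "delete rule" anywhere: a
  # rebuilt host gets exactly these rules and nothing else.
  file { '/etc/sysconfig/iptables':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0600',   # the rule set describes your exposure; keep it root-only
    content => "*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
COMMIT
",
  }

  # Parse the new file without loading it (assumes iptables-restore --test
  # is available). Runs only when the file changes; if it fails, Puppet skips
  # the dependent service restart, so a typo cannot lock you out of the box.
  exec { 'iptables-check':
    command     => '/bin/sh -c "/sbin/iptables-restore --test < /etc/sysconfig/iptables"',
    refreshonly => true,
    subscribe   => File['/etc/sysconfig/iptables'],
  }

  # The init script reloads the saved rule set atomically on restart, which
  # replaces the running tables in one step instead of adding and deleting
  # rules one at a time. The service also stays enabled across reboots.
  service { 'iptables':
    ensure    => running,
    enable    => true,
    subscribe => File['/etc/sysconfig/iptables'],
    require   => Exec['iptables-check'],
  }
}

node 'puppetclient' {
  include firewall::webserver
}
```

Run it with `puppetd --test` on the client (or `puppet apply` on a single-file manifest) and the first run writes the file, checks it, and restarts the service; later runs do nothing unless the declared contents drift. To change the policy, edit the declared content rather than running iptables commands on the host, so the manifest stays the documented configuration the original post is after.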