I think I was able to define what is needed with the following. However,
log_level is not appearing in /etc/sysconfig/iptables. I'm using Puppet
3.2.2-1 on RHEL 6.4

Here's my manifest code in case anybody is interested.

firewallchain { 'LOGGING:filter:IPv4':
  ensure => present,
}
firewall { '998 jump to LOGGING':
  chain => 'INPUT',
  proto => 'all',
  jump  => 'LOGGING',
}
firewall { '991 LOGGING':
  chain      => 'LOGGING',
  proto      => 'all',
  limit      => '2/min',
  log_level  => 'warn',
  #log_level => 4,
  log_prefix => 'IP Tables Dropped Packet:',
  jump       => 'LOG',
}
firewall { '992 jump to DROP':
  chain  => 'LOGGING',
  proto  => 'all',
  action => 'drop',
}

On Thursday, August 15, 2013 2:02:47 PM UTC-4, Thomas wrote:
>
> I'm having trouble figuring out how to get the puppetlabs firewall module
> to place the following into /etc/sysconfig/iptables:
>
> -N LOGGING
> -A LOGGING -m limit --limit 2/min -j LOG --log-level 4 --log-prefix "IPTables Dropped Packet:"
> -A LOGGING -j DROP
> -A INPUT -j LOGGING
>
> This is the first time I'm trying to use firewallchain and I can't seem to
> determine the proper syntax to define the above.
>
> Any advice would be appreciated!
>
> Thomas
>
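
A check for the rendered ruleset discussed in this thread, added here as an example and not part of either message: it parses the saved rules and reports where the LOGGING chain departs from the intended log-then-drop layout. The function names and the sample ruleset are constructed, and it assumes a LOG rule saved without --log-level runs at the LOG target's default level, 4 (warning).

```python
import shlex

# Constructed sample in iptables-save layout; the LOG rule carries no --log-level.
SAMPLE = '''*filter
:INPUT ACCEPT [0:0]
:LOGGING - [0:0]
-A INPUT -j LOGGING
-A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Dropped Packet:"
-A LOGGING -j DROP
COMMIT
'''
DEFAULT_LEVEL = "4"  # assumption: an omitted --log-level means warning (4)

def parse(text):
    """Return (declared chains, {chain: [option dict of each -A rule, in order]})."""
    chains, rules = set(), {}
    for line in text.splitlines():
        tok = [] if line.startswith("#") else shlex.split(line)
        if len(tok) < 2:  # skips blanks, comments, "*filter" and "COMMIT"
            continue
        if tok[0] == "-N" or tok[0].startswith(":"):
            chains.add(tok[1] if tok[0] == "-N" else tok[0][1:])
        elif tok[0] == "-A":
            # Map each option to the token after it (enough for -j, --limit, --log-level).
            opts = {a: b for a, b in zip(tok[2:], tok[3:] + [""]) if a.startswith("-")}
            rules.setdefault(tok[1], []).append(opts)
    return chains, rules

def audit(text, chain="LOGGING", want_level="4"):
    """List deviations from the intended log-then-drop chain; [] means it matches."""
    chains, rules = parse(text)
    body = rules.get(chain, [])
    targets = [r.get("-j") for r in body]
    out = []
    if chain not in chains:
        out.append("chain not declared")
    if not any(r.get("-j") == chain for r in rules.get("INPUT", [])):
        out.append("INPUT never jumps to chain")
    if not targets or targets[-1] != "DROP":
        out.append("chain does not end in DROP")
    if "LOG" not in targets:
        return out + ["no LOG rule"]
    log = body[targets.index("LOG")]
    if "DROP" in targets[:targets.index("LOG")]:
        out.append("DROP precedes LOG")
    if "--limit" not in log:
        out.append("LOG rule is not rate limited")
    if log.get("--log-level", DEFAULT_LEVEL) != want_level:
        out.append("log level differs")
    return out
```

Feeding it the contents of /etc/sysconfig/iptables after a Puppet run shows whether a missing --log-level is the only difference from the rules in the original question.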