similar to: iptables module?

Is there a way to exec something on purge?

On Fri, 12 Apr 2019, mj wrote: > What we do is: use https://github.com/trick77/ipset-blacklist to block IPs > (from various existing blacklists) at the iptables level using an ipset. "www.blocklist.de" is a nifty source. Could you suggest other publically available blacklists? > That way, the known bad IPs never even talk to dovecot, but are dropped > immediately. We

On 15/12/17 07:05, Kenneth Porter wrote: > I came across this on the Fedora devel list. I added > /etc/sysctl.d/51-bufferbloat.conf containing the suggested line and it > installs the new codel qdisc as desired. There's probably more knobs > that might be useful to tweak but this makes a good start. More reading > on the bufferbloat site suggests that the later "cake"

I'm deploying a CentOS 7 box as a gateway and I'm trying to figure out how to set up traffic shaping. Historically I've used the Wondershaper script but apparently it's not deprecated in favor of superior queue management. I haven't yet found a packaged solution and I'm wondering what others do to configure this kind of thing. Apparently the new modules are available

Anyone ever migrated the puppetca to a different host? What are the steps that are involved?

Is there a way to tell the puppetmaster that I want to import all modules rather than listing each one individually?

I need a decent, easy, firewall on Centos. This is for test systems, so I do not need a lot. For 'a lot', I use and Astaro firewall. I had used Firestarter once, but found out that it cannot handle routing between a public and private network. Basically saying this is impossible. Of course, if your private network is addressed per RFC 1918 (that I co-authored), I can understand

file { "/var/log/syslog": target => "/var/log/messages" } generates the following error: err: //henson/stanford/syslog/file=/var/log/syslog: Failed to retrieve current state: undefined method `should'' for false:FalseClass

Hello community, We are running puppetmaster 0.22.3 with 45 servers attached and we are seeing a lot of messages that say: (err): Could not describe /ssh/sshd_config.RedHat: End of file reached: We were seeing a lot of this with 0.22.1 as well. Interestingly, during the stretch where we were running 0.22.2 (most of April until 2 days ago) we didn''t see this error at all or very

Besides using an exec line with a case statement(to determine the specific os''s disable command), does puppet come with a buit in method to disable a user account? Thanks!. --------------------------------- Get the Yahoo! toolbar and be alerted to new email wherever you''re surfing. _______________________________________________ Puppet-users mailing list

What is everyone''s experience with Puppet on Ubuntu? Does it work as expected? Any caveats or oddities? -- DK -- Digant C Kasundra <digant@stanford.edu> Technical Lead, ITS Unix Systems and Applications, Stanford University

On 1/9/20 2:08 AM, Pete Biggs wrote: >> Has anyone created a fail2ban filter for this type of attack? As of >> right now, I have manually banned a range of IP addresses but would >> like to automate it for the future. >> > As far as I can see fail2ban only deals with hosts and not networks - I > suspect the issue is what is a "network": It may be obvious to

In the normal override method, you can change the value of a parameter, but can you unset a parameter? file { "/etc/somefile": mode => 644, owner => "dude" } File ["/etc/somefile"] { mode => unset } ??

--On Monday, May 14, 2007 9:16 PM -0700 Jos Backus <jos@catnook.com> wrote: > ObPuppet: we ramping up our deployment this week to around 200 hosts. So > far everything has been going smoothly. We don''t have nearly as many and yet, we see occasional errors ("End of file reached") which seems to indicate the network cutting out. I can''t imagine what would

I turned on reporting the other day and I''m seeing alot of these when puppet runs. Especially during times when nothing is going on (middle of the night etc) Tue Dec 11 12:34:48 -0500 2007 //base/puppet/puppet::client/Service[puppet]/ensure (notice): ensure changed ''stopped'' to ''running'' It''s also quite odd that puppet when it runs it thinks

Hello Puppet users, I had talked with Luke about this scenario and was wondering how others would/are handling something like this. Imagine a scenario where all servers will have a specific postfix configuration except for a server or two or three. So, you want to define a file "/etc/postfix/main.cf" and specify the source from your dist tree. But for those exceptional servers,

Hello, I am currently experiencing a bit of a quandry with how to specify default configuration applications to generic nodes. Here is an example setup: Classes: Class A Class B inherits Class A Class C inherits Class B Problem: I have unique hosts (nodes) X and Y and a bunch of other standard hosts. I would like X and Y to be able to override attributes in Class C (thus inherit class C) but

Anyone using the rrdgraph report on the puppetmaster on Debian stable? I''m trying to get this working and not getting far. I even took rrdtool and librrd0-dev from backports and I still get the same problem. It seems that the rrdfiles are being somewhat created, but nevertheless, the puppetmaster isn''t happy and keeps spewing: err: Report rrdgraph failed: Could not create

I''m sure everyone has read and committed the Puppet Best Practice to memory by now (I joke). One of the things I''ve written in there deals with trailing commas, which I adopted from the way I used to do multiline in Perl, but I''ve noticed that most people don''t tend to do that in Puppet. Should I revise this or should we all start using the trailing commas?

Hello folks, I''ve blended/updated the Glossary of Terms (<http://reductivelabs.com/trac/puppet/wiki/GlossaryOfTerms>). It seems the definition of "manifests" is a bit different amongst members. Some people consider a "manifest" to be a configuration file written in puppet, e.g. any .pp file. But at my organization, we''ve considered the totality