Displaying 20 results from an estimated 5000 matches similar to: "Using firewall module, how do I clear iptables before rules are applied?"
2011 Nov 29
1
How do I require a resource in a definition based on an array parameter?
I have a define that looks like this:
define user::sys_user($fullname, $uid, $groups, $shell='/bin/bash',
$authkey, $authkey_type=rsa) {
$username = "sys_${name}"
group { $username:
gid => $uid,
}
user { $username:
require => Group[$username],
ensure => present,
2012 Jan 07
3
How can I have a defined resource depend on a resource that is not in the global scope?
I am working on this module:
https://github.com/belminf/puppet-iptables
I have this defined resource:
define iptables::hole ($proto='tcp', $port, $source=undef) {
firewall { "100 input: $name":
chain => 'INPUT',
proto => $proto,
dport => $port,
source => $source,
action => 'accept',
2011 Nov 29
5
puppetlabs-firewall: source param as array
Hi,
am trying this rule:
firewall { '100 allow ssh from GUNET':
proto => 'tcp',
dport => '22',
source => ['10.0.0.0/8','192.168.0.0/16',],
action => accept,
}
and it only seems to add a rule for the first subnet. The second is
silently
2016 Mar 15
1
SteveTraylen - new member of the configmanagementsig
> - your SteveTraylen straylen
> - inform them that you are a member of the ConfigManagementSig
Hi I am a member of the ConfigManagementSig
> - Ask to have access to 1. your personal page 2. https://wiki.centos.org/SpecialInterestGroup/ConfigManagementSIG
Please may I have access to my personal page and the
ConfigManagementSIG.
Many thanks.
Steve.
2004 Aug 02
1
pxelinux.0 fails when ip address matches nnn.nnn.nnn.n0n.
Hi
First we are using pxelinux.0 from syslinux-2.09 and our hardware is
from lspci
03:01.0 Ethernet controller: Intel Corp.
82541EI Gigabit Ethernet Controller (Copper)
We booted some 200 machines successfully over the last few days
using pxelinux.0 and a root over NFS that requires kernel level
IP configuration.
The only failures were hosts with IP address
2012 May 30
20
Thoughts on job listings?
How do folks feel about getting Puppet job listings on this list?
I've rejected a few that were quite spammy, but when the subject matter
really is a system admin with puppet experience, the decision becomes
a bit different.
I'm looking for general feelings. A simple +1 or -1 would be great.
Mike
2013 Mar 12
4
Optional loading of firewall rules
I'm using puppetlabs/firewall with Puppet 2.7.2, and for the most part it's
working great. I have this in my sites.pp, which I took from this list
some time ago, to save firewall rules to disk when they're changed:
# Always persist firewall rules
if ($kernel == 'Linux') {
exec { 'persist-firewall':
2010 Apr 19
7
getting a list of rules out of iptables
I've been using camptocamp's iptables module. It works pretty well, lets
me define rules in various modules, etc. Now I find myself needing to
generate a commented list of its rules. I notice that the README has a
nice exec suggestion. But, when I try it, I can't get it to work.
In my iptables/manifests/init.pp I have:
Iptables {
before =>
2018 Jan 05
0
[Bug 1211] New: When showing firewall status (iptables -vnL or iptables -L), some output is not as expected
https://bugzilla.netfilter.org/show_bug.cgi?id=1211
Bug ID: 1211
Summary: When showing firewall status (iptables -vnL or
iptables -L), some output is not as expected
Product: iptables
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: minor
Priority: P5
2009 Feb 26
1
[Bug 580] New: iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
http://bugzilla.netfilter.org/show_bug.cgi?id=580
Summary: iptables-restore and iptables-save lack comparison of a
saved ruleset against the currently deployed rules
Product: iptables
Version: unspecified
Platform: All
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P1
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
CC| |netfilter at linuxace.com
Resolution|
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
Jan Engelhardt <jengelh at medozas.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|WONTFIX |
--- Comment #4 from Jan Engelhardt <jengelh at
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
--- Comment #5 from Phil Oester <netfilter at linuxace.com> 2013-06-24 20:07:02 CEST ---
Unclear how you can say with certainty that this is impossible, but let's
ignore that point for the moment.
Is there some reason that iptables-save should do the sorting for userspace
scripts? Another alternative would be to always load the
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
--- Comment #6 from Jan Engelhardt <jengelh at medozas.de> 2013-06-24 20:32:22 CEST ---
>Unclear how you can say with certainty that this is impossible
Right now, tables are output in permutations that are considered to be random.
(Sure there is module load order, but that is not documented, nor is it
actually a usable assumption for
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
--- Comment #7 from Phil Oester <netfilter at linuxace.com> 2013-06-24 23:34:51 CEST ---
> would you be thrilled if all the rules were in random order too?
This comparison is a bit far fetched, given that ordering of rules is so
important (accept before drop, etc). The order in which tables are output in
iptables-save is largely
2013 Aug 27
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580
Phil Oester <netfilter at linuxace.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
AssignedTo|jengelh at medozas.de |netfilter-buglog at lists.netf
| |ilter.org
2012 May 14
2
defaults for virtual defined resources from hiera.
Hi,
This follows on a bit from the previous thread 'trouble with hiera and
puppet defines' [1]
Up to now I've had a large file of virtual resources and then enabled them
on demand
on various services. The very standard.
@metric{'1234':
one => 1,
two => [1,2]
}
@metric{'abcd':
one => a,
two => [b,c]
}
and
2011 Nov 28
1
[XCP] IPtables firewall - safe to disable?
I noticed that XCP has what looks like the default RHEL/CentOS firewall rules running. Is it safe (from the perspective of no loss of functionality) to disable iptables?
I've done it already and can't see any noticeable impact..
Thanks!
2005 Jul 28
1
Problem with BT100 behind iptables firewall
Greetings,
I am trying to get an IP phone working through a linux based iptables
firewall. I have an asterisk server with a public IP address.
I ran netcheck from FWD. It says that it is a Port Restricted Nat.
I tried the recommended FWD approach, changing the FWD-specific settings
to the * server's. I have tried every conceivable config on the phone
(Yes to NAT traversal with STUN
2014 Oct 13
0
Recommended way of handling iptables firewall in CentOS?
Hi,
I'm planning to use CentOS 6.x on a handful of LAN servers. So far I've
been using Slackware64 14.0 and 14.1 for the job.
I wonder what's the orthodox/recommended way of configuring an iptables
firewall with CentOS. I understand there's the
system-config-securitylevel-tui NCurses interface which allows defining
a basic set of rules. But what about the handful of more