similar to: Using firewall module, how do I clear iptables before rules are applied?

Displaying 20 results from an estimated 5000 matches similar to: "Using firewall module, how do I clear iptables before rules are applied?"

2011 Nov 29
1
How do I require a resource in a definition based on an array parameter?
I have a define that looks like this: define user::sys_user($fullname, $uid, $groups, $shell='/bin/bash', $authkey, $authkey_type=rsa) { $username = "sys_${name}" group { $username: gid => $uid, } user { $username: require => Group[$username], ensure => present,
2012 Jan 07
3
How can I have a defined resource depend on a resource that is not in the global scope?
I am working on this module: https://github.com/belminf/puppet-iptables I have this defined resource: define iptables::hole ($proto='tcp', $port, $source=undef) { firewall { "100 input: $name": chain => 'INPUT', proto => $proto, dport => $port, source => $source, action => 'accept',
2011 Nov 29
5
puppetlabs-firewall: source param as array
Hi, am trying this rule: firewall { '100 allow ssh from GUNET': proto => 'tcp', dport => '22', source => ['10.0.0.0/8','192.168.0.0/16',], action => accept, } and it only seems to add a rule for the first subnet. The second is silently
2016 Mar 15
1
SteveTraylen - new member of the configmanagementsig
> - your SteveTraylen straylen > - inform them that you are a member of the ConfigManagementSig Hi I am a member of the ConfigManagementSig > - Ask to have access to 1. your personal page 2. https://wiki.centos > .org/SpecialInterestGroup/ConfigManagementSIG Please may I have access to my personal page the the ConfigManagementSIG. Many thanks. Steve.
2004 Aug 02
1
pxelinux.0 fails when ip address matchs nnn.nnn.nnn.n0n.
Hi First we are using pxelinux.0 from syslinux-2.09 and our hardware is from lspci 03:01.0 Ethernet controller: Intel Corp. 82541EI Gigabit Ethernet Controller (Copper) We booted some 200 machines successfully over the last few days using pxelinux.0 and a root over NFS that requires kernel level IP configuration. The only failures were hosts with IP address >
2012 May 30
20
Thoughts on job listings?
How do folks feel about getting Puppet job listings on this list? I've rejected a few that were quite spammy, but when the subject matter really is a system admin with puppet experience, the decision becomes a bit different. I'm looking for general feelings. A simple +1 or -1 would be great. Mike
2013 Mar 12
4
Optional loading of firewall rules
I'm using puppetlabs/firewall with Puppet 2.7.2, and for the most part it's working great. I have this in my sites.pp, which I took from this list sometime ago, to save firewall rules to disk when they're changed: # Always persist firewall rules if ($kernel == 'Linux') { exec { 'persist-firewall':
2010 Apr 19
7
getting a list of rules out of iptables
I've been using camptocamp's iptables module. It works pretty well, lets me define rules in various modules, etc. Now I find myself needing to generate a commented list of its rules. I notice that the README has a nice exec suggestion. But, when I try it, I can't get it to work. In my iptables/manifests/init.pp I have: Iptables { before =>
2018 Jan 05
0
[Bug 1211] New: When showing firewall status (iptables -vnL or iptables -L), some output is not as expected
https://bugzilla.netfilter.org/show_bug.cgi?id=1211 Bug ID: 1211 Summary: When showing firewall status (iptables -vnL or iptables -L), some output is not as expected Product: iptables Version: unspecified Hardware: All OS: All Status: NEW Severity: minor Priority: P5
2009 Feb 26
1
[Bug 580] New: iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
http://bugzilla.netfilter.org/show_bug.cgi?id=580 Summary: iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P1
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED CC| |netfilter at linuxace.com Resolution|
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580 Jan Engelhardt <jengelh at medozas.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | --- Comment #4 from Jan Engelhardt <jengelh at
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580 --- Comment #5 from Phil Oester <netfilter at linuxace.com> 2013-06-24 20:07:02 CEST --- Unclear how you can say with certainty that this is impossible, but let's ignore that point for the moment. Is there some reason that iptables-save should do the sorting for userspace scripts? Another alternative would be to always load the
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580 --- Comment #6 from Jan Engelhardt <jengelh at medozas.de> 2013-06-24 20:32:22 CEST --- >Unclear how you can say with certainty that this is impossible Right now, tables are output in permutations that are considered to be random. (Sure there is module load order, but that is not documented, nor is it actually a usable assumption for
2013 Jun 24
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580 --- Comment #7 from Phil Oester <netfilter at linuxace.com> 2013-06-24 23:34:51 CEST --- > would you be thrilled if all the rules were in random order too? This comparison is a bit far fetched, given that ordering of rules is so important (accept before drop, etc). The order in which tables are output in iptables-save is largely
2013 Aug 27
0
[Bug 580] iptables-restore and iptables-save lack comparison of a saved ruleset against the currently deployed rules
https://bugzilla.netfilter.org/show_bug.cgi?id=580 Phil Oester <netfilter at linuxace.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|jengelh at medozas.de |netfilter-buglog at lists.netf | |ilter.org -- Configure
2012 May 14
2
defaults for virtual defined resources from hiera.
Hi, This follows on a bit from the previous thread 'trouble with hiera and puppet defines' [1] Up to now I've had a large file of virtual resources and then enabled them on demand on various services. The very standard. @metric{'1234: one => 1 two => [1,2] } @metric{'abcd': one => a, two => [b,c] } and
2011 Nov 28
1
[XCP] IPtables firewall - safe to disable?
I noticed that XCP has what looks like the default RHEL/CentOS firewall rules running. Is it safe (from the perspective of no loss of functionality) to disable iptables? I've done it already and can't see any noticeable impact.. Thanks!
2005 Jul 28
1
Problem with BT100 behind iptables firewall
Greetings, I am trying to get an IP phone working through a linux based iptables firewall. I have an asterisk server with a public IP address. I ran netcheck from FWD. It says that it is a Port Restricted Nat. I tried the recommended FWD approach, changing the FWD-specific settings to the * server's. I have tried every conceivable config on the phone (Yes to NAT traversal with STUN
2014 Oct 13
0
Recommended way of handling iptables firewall in CentOS?
Hi, I'm planning to use CentOS 6.x on a handful of LAN servers. So far I've been using Slackware64 14.0 and 14.1 for the job. I wonder what's the orthodox/recommended way of configuring an iptables firewall with CentOS. I understand there's the system-config-securitylevel-tui NCurses interface which allows defining a basic set of rules. But what about the handful of more