similar to: Optional loading of firewall rules

Displaying 20 results from an estimated 6000 matches similar to: "Optional loading of firewall rules"

2012 Dec 04
4
puppetlabs-firewall scope
Hello, I can't figure out how I can use the module puppetlabs-firewall only for some targeted nodes. If I put : resources { "firewall": purge => true } in top scope (i.e. site.pp), then all the firewall rules on all my nodes are purged. Even for nodes for which I don't apply any module containing specific firewall { ... } resources. If I put it in a module
2013 Dec 12
3
Puppetlabs-firewall and Logging
We're testing out the Puppetlabs-Firewall module. And it seems I'm either missing something fundamental or Logging/Accept works/doesn't work in an irregular way. I would be most grateful for some input. *COMMON:* firewall { '002 accept related established rules INPUT': proto => 'all', state =>
2012 Nov 14
4
firewallchain issues w/ 1.0.0 release
Hi, First, some software versions, just to get them out of the way: - CentOS 5.x through Centos 6.2 - Ruby 1.8.5 - 1.8.7 - Puppet 2.7.19 - Facter 1.6.11 Just a note - we're working from the EPEL repos almost exclusively. I am working with the firewall module, and so far I am unable to use firewallchain. Some digging suggests that it's not completely user error (though I
2012 Feb 15
21
puppetlabs-firewall stages and persistence
Hi all, I'm attempting to use the puppetlabs-firewall module. In testing, rules are enabled in a random order, so it seems necessary to utilize puppet stages to guarantee proper ordering. I created a module to organize my firewalling. It consists of localfw::pre to open the INPUT chain for established and related connections, localfw::default for most normal rules, and localfw::post to
2012 May 03
5
[PATCH/RFC 0/6] New mux client request to list open tcp forwardings.
These patches implement a new mux client request to list the currently opened TCP forwardings. It also removes some todos regarding keeping the list of forwardings in the options up-to-date. Bert Wesarg (6): attach the forwarding type to struct Forward merge local and remote forward lists generate unique ids for forwardings to be used for identification remove closed forwardings from
2011 Sep 08
1
Dynamic port remote listener - a BUG?
Hello, Today I tried using "dynamically assigned" port for remote listener, by requesting listener on port 0. This is supposed to create a listener on a port chosen by server. Everything seemed OK (the chosen port was sent back to client), but forwarding was refused. So I checked the source. in channels.c, function: channel_setup_fwd_listener /* *
2009 Oct 21
1
Patch to fix dynamic -R forwarding when not root
Hi! Sorry if this has already been reported or even fixed, I didn't search very thoroughly. Here's a patch to make dynamic -R remote port allocation work even when not connecting as root. Without the patch I got that "Server has disabled port forwarding." message visible in the patch. OpenSSH version I'm using is openssh-5.2p1, compiled from official source package,
2009 Feb 17
2
Idea: reverse socks proxy
Hi, Just a use case that I'm sure has been covered before but just in case it's not an openssh solution would be very helpful. I was trying to install software on a server that was firewalled so no outbound http connections would work. I was also tunnelling via another server. Outbound ssh connections also were a convenient option. What would have been nice would be a remote version of
2000 Aug 23
1
Protocol 2 remote forwarding patch
Hi ! Here's a patch to add remote port forwarding support (protocol 2) for openssh. I have tried to test that it works like it should but a more thorough testing is needed. This patch adds both client/server support. The patch should be applied to openssh-2.1.1p4 source tree. Also included is a PortForwarding sshd_config option, new ./configure option --disable-forwarding that should make it
2013 Aug 31
11
[Bug 2147] New: OpenSSH remote forwarding of dynamic ports doesn't work when you create more than one
https://bugzilla.mindrot.org/show_bug.cgi?id=2147 Bug ID: 2147 Summary: OpenSSH remote forwarding of dynamic ports doesn't work when you create more than one Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: normal Priority: P5
2011 Nov 28
2
Using firewall module, how do I clear iptables before rules are applied?
I am currently using Puppet's firewall module: http://forge.puppetlabs.com/puppetlabs/firewall I am trying to have Puppet flush iptables before it applies firewall rules. I tried the following: exec { 'clear-firewall': command => '/sbin/iptables -F', refreshonly => true, } Firewall { subscribe =>
2017 Feb 15
1
vsftp problem C7
Hi list, I've a problem with vsftpd on C7.3. This is a dedicated server protected by a Zywall5. SELINUX is disabled. This is my vsftpd configuration: anonymous_enable=NO local_enable=YES write_enable=YES local_umask=022 dirmessage_enable=YES xferlog_enable=YES connect_from_port_20=YES xferlog_file=/var/log/vsftpd.log xferlog_std_format=YES idle_session_timeout=600
2017 May 04
5
OpenSSH contract development / patch
On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be huge amount of documentation around > it. I found the following useful when getting a client of my running Yeah, when I wrote about it
2003 Feb 22
1
Patch for a port forwarding problem in serverloop.c
Hello all, I encountered a problem when trying to setup a remote portforward using OpenSSH 3.5p1. If the port that I was trying to listen to on the remote side was already in use, a message 'cannot bind to port: 5000' was written to the syslog, but the connection still persisted. I had no way on the client side to know that the listening wasn't taking place. that is, the
2002 Jul 04
1
[PATCH]: Remove HAVE_CYGWIN in favor of NO_IPPORT_RESERVED_CONCEPT
Hi, I've sent that patch once already but it seems more or less forgotten in the tumultuous days of the latest vulnerability. It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined on platforms not supporting the concept of "privileged" ports only accessible by privileged users but which allow everyone to use these ports. This patch removes some Cygwin dependencies
2013 Mar 12
2
Only running database_grant the first time.
I'm using puppet through Vagrant to manage my dev VM, and as part of that I have a few database grants that I run after creating users, but when I subsequently run vagrant up or provision these grants fail (because of some changes I make to the mysql config after they have been created.) I'm using database_grant to execute the grants, but there doesn't seem to be a
2011 Jun 10
11
cannot manage home directories
user {'username': uid => 501, gid => 'staff', comment => 'comment', ensure => present, home => '/Users/sysop', shell =>
2005 Mar 04
1
[PATCH] controlling remote port forwarding over control path
Hi, the attached patch implements adding and canceling of remote port forwardings by communicating with a running ssh client via a control socket. Thus, one can do this: ssh -MNfS ~/.ssh/ctl remotehost and then: ssh -S ~/.ssh/ctl -O add-rforward 2000:forward:80 localhost to add a new remote forwarding or ssh -S ~/.ssh/ctl -O cancel-rforward localhost:2000 localhost to remove it. The
2005 Feb 26
1
[Fwd: [Xen-changelog] Move xcs to unix domain sockets.]
Just forwarding this changelog from yesterday. xcs now uses Unix domain sockets in unstable. This was a hot thread a couple months back with strong opinions on both sides and no clear resolution on the list, so I thought some people might like to know the developers' resolution. This should be good news for those seeking tighter dom0's, particularly those who
2012 Oct 02
3
PROBLEM : Cannot require an Exec
hello: i currently am using Puppet to run some commands in a sequence. there are two sequences of exec resources. we found that we cannot use require => Exec and it does not work at all as expected. here is some sample code. exec { "exec-AAA": command => "/bin/true", returns => 0, notify => Exec["exec-BBB"], } exec { "exec-BBB":