Skip to content

camptocamp/puppet-firewall_c2c

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

109 Commits
lib/puppet/provider/firewall
lib/puppet/provider/firewall
 
 
spec
spec
 
 
tests
tests
 
 
.fixtures.yml
.fixtures.yml
 
 
.gitignore
.gitignore
 
 
.puppet-lint.rc
.puppet-lint.rc
 
 
.sync.yml
.sync.yml
 
 
.travis.yml
.travis.yml
 
 
CHANGELOG.md
CHANGELOG.md
 
 
Gemfile
Gemfile
 
 
README.md
README.md
 
 
Rakefile
Rakefile
 
 
metadata.json
metadata.json
 
 

Repository files navigation

Firewall_c2c

Puppet Forge Build Status

Overview

Monkey Patch Puppetlabs' firewall module to add an autorequirement to apply Firewall resources alphabetically.

Example:

Consider this manifest:

class { 'firewall': }
firewall { '000 accept all icmp':
  proto   => 'icmp',
  action  => 'accept',
}
firewall { '001 accept all to lo interface':
  proto   => 'all',
  iniface => 'lo',
  action  => 'accept',
}
firewall { '002 accept related established rules':
  proto   => 'all',
  ctstate => ['RELATED', 'ESTABLISHED'],
  action  => 'accept',
}

Without this module, you have to add explicit dependencies, otherwise rules are applied whithout specific order:

Notice: /Stage[main]/Main/Firewall[000 accept all icmp]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/Firewall[002 accept related established rules]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/Firewall[001 accept all to lo interface]/ensure: current_value absent, should be present (noop)

With this module, no need to define explicit dependencies:

Notice: /Stage[main]/Main/Firewall[000 accept all icmp]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/Firewall[001 accept all to lo interface]/ensure: current_value absent, should be present (noop)
Notice: /Stage[main]/Main/Firewall[002 accept related established rules]/ensure: current_value absent, should be present (noop)

And with --debug:

Debug: /Firewall[000 accept all icmp]: Autorequiring Package[iptables]
Debug: /Firewall[000 accept all icmp]: Autorequiring Package[iptables-persistent]
Debug: /Firewall[001 accept all to lo interface]: Autorequiring Package[iptables]
Debug: /Firewall[001 accept all to lo interface]: Autorequiring Package[iptables-persistent]
Debug: /Firewall[001 accept all to lo interface]: Autorequiring Firewall[000 accept all icmp]
Debug: /Firewall[002 accept related established rules]: Autorequiring Package[iptables]
Debug: /Firewall[002 accept related established rules]: Autorequiring Package[iptables-persistent]
Debug: /Firewall[002 accept related established rules]: Autorequiring Firewall[001 accept all to lo interface]

This greatly ease the usage of Puppetlabs' firewall module.

About

Add autorequire to Puppet Labs' firewall module

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

16 watching

Forks

0 forks
Report repository

Releases 2

1.0.1 Latest
Sep 5, 2014
+ 1 release

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages