failing to setup a basic firewall #158
Comments
turns out you just need to |
Hi, I know it's not exactly user-oriented but the acceptance tests could hint on how to use the module. We can add a note to the README to make it more explicit but I'd say that the fact that users are expected to include |
On 2023-01-27 00:40:08, Nacho Barrientos wrote:
Are you including the class `nftables`?
No, I wasn't, that's the problem here. :)
I wonder if the various rules* class should include nftables on their
own, or if I should make an examples section.
I know it's not exactly user-oriented but the [acceptance tests](https://github.com/voxpupuli/puppet-nftables/blob/069c9fd2f7d075810ccb26a58237c63b32266658/spec/acceptance/default_spec.rb#L11) could hint on how to use the module.
Seems like I should make an examples section based on that anyway. :)
Speaking of which, is "literal programming" a thing here? Could we
e.g. run the EXAMPLES section in README.md as an acceptance test? That
would be pretty sweet...
a.
I couldn't figure out how to use this module when I looked at the README. It was quickly going into pretty arcane stuff like "inet filter" and "ip nat table" which might make sense for the module authors or people used to nftables/iptables, but are pretty implementation specific when coming from another networking background.

Instead, we just explain more clearly what the module does, and how. We also provide *more* examples, including some that might seem obvious ("you need to include nftables first") but were not obvious to me at all.

I also add a warning about firewalld being stopped which seems important as well.

Closes: voxpupuli#158
Affected Puppet, Ruby, OS and module versions/distributions
How to reproduce (e.g Puppet code you use)
What are you seeing
no table or ruleset created.
What behaviour did you expect instead
some magic rules allowing outgoing connexions and incoming on port 22.
Output log
Any additional information you'd like to impart
I guess this is probably me just not understanding how this module (or nftables) works, but maybe a simple EXAMPLES section in the readme could help alleviate this kind of problem.
Alternatively, wth is going on here? :)