Forum: Cfengine Help
Subject: Iptables and Cfengine
Author: neilhwatson
Link to topic: https://cfengine.com/forum/read.php?3,19976,19976#msg-19976

I've been looking at Mark's release of the Cloud Pack(1). In it there is a policy for maintaining Iptables(2). This is trickier than one might think. The promise shown will keep the saved version of what Iptables rules should be running correct. It does not address what is actually running. New rules can be inserted into the kernel without altering the Iptables 'save' file.

What to do? In the past I have compared the output of iptables -L with the ideal output stored in a file. If it is different, then I reload my master rules. I am curious what others have done.

1. http://www.cfengine.org/cftimes/articles/0000000048.html
2. http://source.cfengine.com/browse/copbl/trunk/OrionCloudServices/iptables.cf?revision=65&view=markup
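
The running-versus-saved comparison described in the post, as an added example that is not part of the original post or of the Cloud Pack policy. It compares normalized iptables-save output rather than iptables -L, so one master file serves as both baseline and reload source; the master file path, the variable names and the function names are assumptions.

```sh
#!/bin/sh
# Added example: compare running iptables rules with the master file, reload on drift.
# Assumed names (not from the post): MASTER_RULES path, SAVE_CMD, RESTORE_CMD, functions.
MASTER_RULES="${MASTER_RULES:-/etc/sysconfig/iptables}"
SAVE_CMD="${SAVE_CMD:-iptables-save}"
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}"

# Drop what changes without a rule change: comment lines (timestamps) and
# the [packets:bytes] counters, plus stray whitespace and empty lines.
normalize_rules() {
    sed -e '/^#/d' \
        -e 's/\[[0-9]*:[0-9]*\]//' \
        -e 's/^[[:space:]]*//' \
        -e 's/[[:space:]]*$//' \
        -e '/^$/d'
}

# Exit status: 0 = running rules differ from master, 1 = identical, 2 = cannot tell.
rules_drifted() {
    [ -r "$MASTER_RULES" ] || return 2
    running=$($SAVE_CMD) || return 2
    want=$(normalize_rules < "$MASTER_RULES")
    have=$(printf '%s\n' "$running" | normalize_rules)
    [ "$want" != "$have" ]
}

# Reload the master rules only when drift is detected.
enforce_rules() {
    rc=0
    rules_drifted || rc=$?
    case $rc in
        0) echo "iptables drift detected, reloading $MASTER_RULES" >&2
           $RESTORE_CMD < "$MASTER_RULES" ;;
        1) return 0 ;;
        *) echo "cannot compare running rules with $MASTER_RULES" >&2
           return 2 ;;
    esac
}

if [ "${1:-}" = "--enforce" ]; then
    enforce_rules
fi
```

Generate the master file with iptables-save itself, so that its rule spelling matches what the kernel reports back.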