It depends on what you want, but you could also use shorewall. http://git.black.co.at/?p=module-shorewall;a=tree I'm not sure it is the site of the original puppet script author, but I don't have the original at hand.
I'm pretty satisfied with it. In fact, these scripts are replicated in several puppet recipe repositories, so I think I'm not the only one satisfied :-). I chose it over a simpler iptables configuration because the shorewall package (at least under Debian) ships with init scripts, whereas you have to make your own for iptables.

The only drawback I have with these scripts is that they regularly remake the shorewall configuration (even if the puppet conf was not changed) and it takes some time on a slow CPU. Perhaps if it used augeas instead of concatenating files it would be more "modification aware" (I don't know augeas though).

I'm new to shorewall and I had to get used to the higher level of abstraction, but the iptables rules it made seemed good.

2009/4/23 Matt <mattmora...@gmail.com>
>
> 2009/4/22 Marc Fournier <marc.fourn...@camptocamp.com>:
> >
> >> About to start looking at managing iptables on our CentOS 5.2 systems,
> >> anyone know if a type/solution already exists for this?
> >
> > Have a look at http://github.com/camptocamp/puppet-iptables/tree/master
> > It's work in progress (and currently stalled). It works for me on a
> > dozen redhat 5.x hosts.
> >
> > Marc
>
> That looks like what I'm after, I'll give it a go next week. Cheers,
>
> Matt