You shouldn't need the 'before' in the 'iptables' resource. Not quite sure why it's not executing, but how about this ...

http://github.com/kbarber/puppet-iptables

It's a mod to the camptocamp code. It persists iptables with iptables-save without requiring an external exec notify.

It also stores the resource name as a comment using iptables --comment ... so you can easily see the comments when you do an iptables -vnL. This is quite good for putting a 'reason' for a rule and having ordinary admins see it themselves without having to check puppet.

It also carries other modes like SNAT support and --tosource and --toports for REDIRECT.

It was only tested on RHEL5.x - your mileage may vary.

ken.

On Apr 19, 8:05 pm, seph <s...@directionless.org> wrote:
> I've been using camptocamp's iptables module. It works pretty well, lets
> me define rules in various modules, etc. Now I find myself needing to
> generate a commented list of its rules. I notice that the README has a
> nice exec suggestion. But, when I try it, I can't get it to work.
>
> In my iptables/manifests/init.pp I have:
>
>   Iptables {
>     before  => Exec["iptables::save::rules"],
>     notify  => Exec["iptables::save::rules"],
>     require => Package["iptables"],
>   }
>   exec { "iptables::save::rules":
>     command     => "iptables-save > /etc/iptables.rules",
>     refreshonly => true,
>   }
>
> But I don't see that exec being called. Nor do I see any attempts at
> calling it. (I've even been testing with the command set to "false")
> Anyone know what's up with this, or have another suggestion for
> generating such a list?
>
> seph

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.
To post to this group, send email to puppet-us...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
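
An added example, not part of the thread or of either module: one way to produce the commented rule list asked about above, assuming the rules carry `--comment` matches as described in the reply. The sample dump and the function names are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save` output (not taken from the thread).
SAMPLE = '''\
# Generated by iptables-save
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -m comment --comment "000 allow loopback" -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m comment --comment "100 ssh from admin net" -s 10.0.0.0/8 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -m comment --comment "200 redirect http" -j REDIRECT --to-ports 8080
COMMIT
'''

def list_rules(dump):
    """Return (table, chain, comment or None, rule text minus the comment match)."""
    rules, table = [], None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
        elif line.startswith("-A "):      # appended rule; skip policies and COMMIT
            tokens = shlex.split(line)    # honours the quoting iptables-save uses
            comment, rest, i = None, [], 2
            while i < len(tokens):
                if tokens[i] == "-m" and tokens[i + 1:i + 2] == ["comment"]:
                    i += 2                # drop the "-m comment" match itself
                elif tokens[i] == "--comment" and i + 1 < len(tokens):
                    comment = tokens[i + 1]
                    i += 2
                else:
                    rest.append(tokens[i])
                    i += 1
            rules.append((table, tokens[1], comment, " ".join(rest)))
    return rules

def uncommented(dump):
    """Rules with no comment: worth reviewing, since nothing states their reason."""
    return [r for r in list_rules(dump) if r[2] is None]

if __name__ == "__main__":
    for table, chain, comment, rest in list_rules(SAMPLE):
        print(f"{table:<7}{chain:<11}{comment or '(no comment)':<24}{rest}")
```

On a live host the same functions can be fed the text of `iptables-save` run as root instead of `SAMPLE`.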