Ken <k...@bob.sh> writes:

> Hehehe - cool bananas. Happy to merge - just one small problem.
>
> I'm guessing that syntax is how you persist rules in Ubuntu? I run
> Ubuntu at work now but I'm a newb:
>
> /sbin/iptables-save > /etc/iptables.rules

Yeah, that would be the Ubuntu-specific piece. I don't think Ubuntu actually has a proper way to save the iptables rules. It's mostly left as an exercise for the end user; I'm not even sure that path is much agreed on.

> persist_cmd = case Facter.value(:operatingsystem)
>   when /(Fedora|Redhat|Centos)/ then "/sbin/service iptables save"
>   when /(Ubuntu|Debian)/ then "/sbin/iptables-save > /etc/iptables.rules"
>   else nil
> end

Oh, this is much more clever. I didn't know enough Ruby to do this. I think this is a good approach.

Ken <k...@bob.sh> writes:

> Hey Marc - I was hoping you would join in the discussion :-).
>
>> Thanks for your patches on this module! I love the --comment idea. I
>> will definitely pull this asap.
>
> Thanks for writing puppet-iptables in the first place - I use it all
> the time and it really makes my life easier.

What he said. It's really helped my manifests.

>> I'm not too comfortable with the idea of directly calling iptables-save
>> in the ruby code and saving the output into a file. IMHO, the point of
>> saving the output to a file is to be able to load the firewall at boot
>> time, and the way this is done is distribution specific. I think this
>> should be left out of the ruby part, and maybe put in some puppet class
>> which does the right thing for each distribution. But of course, notify
>> needs to be fixed first...
>
> Hmm. I see your point re: worrying about OS-dependent stuff - but
> examples of this are littered throughout most providers (including
> core) so it's not abnormal to do it this way. I don't think it's as hard
> as you think, but obviously if someone tries to use the module on a
> distro that isn't supported you can always do nothing by default. Of
> course some users may not want persistence and would want to turn it
> off ...

I feel ambivalent. Given the lack of standards here I suspect there may be some site-specific customizations, which I'd rather expose in Puppet manifests and not Ruby type defs.
But, I also don't know how to make it, and tend to feel pragmatic about things.

seph