> You said: >> >> the numbers in the namevar are ultimately for how they get >> ordered in the file ruleset as you state - but not what order >> they are _inserted_. > > Which makes me still think that the order various modules kick can affect > the firewall rules. Thus, a stage after main is still needed to guarantee > that the drop happens last. I hope I'm wrong, is there any alternative?
If you look at my example in the gist: Firewall { notify => Exec["persist-firewall"], before => Class["my_soe::fwpost"], require => Class["my_soe::fwpre"], } I'm setting it so that by default, every rule firewall resource runs 'before' Class["my_soe::fwpost"], and it requires Class["my_soe::fwpre"]. So in this example it doesn't need stages - just put your pre & post in those classes. ken. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.