> You said:
>>
>> the numbers in the namevar are ultimately for how they get
>> ordered in the file ruleset as you state - but not what order
>> they are _inserted_.
>
> Which makes me still think that the order various modules kick can affect
> the firewall rules. Thus, a stage after main is still needed to guarantee
> that the drop happens last. I hope I'm wrong, is there any alternative?
If you look at my example in the gist:
Firewall {
notify => Exec["persist-firewall"],
before => Class["my_soe::fwpost"],
require => Class["my_soe::fwpre"],
}
I'm setting it so that by default, every rule firewall resource runs
'before' Class["my_soe::fwpost"], and it requires
Class["my_soe::fwpre"]. So in this example it doesn't need stages -
just put your pre & post in those classes.
ken.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at
http://groups.google.com/group/puppet-users?hl=en.
