> You said:
>>
>> the numbers in the namevar are ultimately for how they get
>> ordered in the file ruleset as you state - but not what order
>> they are _inserted_.
>
> Which makes me still think that the order various modules kick can affect
> the firewall rules. Thus, a stage after main is still needed to guarantee
> that the drop happens last. I hope I'm wrong, is there any alternative?

If you look at my example in the gist:

Firewall {
  notify => Exec["persist-firewall"],
  before => Class["my_soe::fwpost"],
  require => Class["my_soe::fwpre"],
}

I'm setting it so that by default, every rule firewall resource runs
'before' Class["my_soe::fwpost"], and it requires
Class["my_soe::fwpre"]. So in this example it doesn't need stages -
just put your pre & post in those classes.

ken.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.

Reply via email to