With our current iptables rules, we implement the following in a script:

    iptables -P INPUT DROP
    iptables -P FORWARD DROP
    iptables -P OUTPUT ACCEPT

Then the script continues on and does the rest of the rules: some custom policies, etc.

Now we're moving to Puppet and trying to replace all of our scripts. From what I can tell, the puppetlabs/firewall module doesn't allow a way to set the default policy for a default chain. By default, the puppetlabs/firewall module sets it as:

    INPUT ACCEPT
    FORWARD ACCEPT
    OUTPUT ACCEPT

I've tried going through the module to implement this, but my Ruby skills aren't there yet. As this would be the default in all of our rules, I don't need a full implementation (i.e. able to set this from a pp file); I just need to be able to set it as the default for all iptables settings.

Anyone have a hack (ugly or not) to implement this? I'm looking at other firewall modules, but this one is pretty slick, and I would like to use this one (albeit with this modification) if possible.

Additional info (in case it matters)

Server:
- Debian squeeze (stable)
- Puppetmaster: 2.7.6 (from squeeze-backports)
- puppetlabs/firewall version 0.0.4 (current version on Puppetforge)

Clients:
- Debian squeeze (stable)
- puppet client version 2.6.2
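
An added example, not part of the original post or of the puppetlabs/firewall module: a shell check that compares the built-in chain policies in `iptables -S` output with the baseline stated in the post, so a Puppet-managed host can be confirmed to still end up with INPUT and FORWARD at DROP. The function name `policy_drift` and both sample rule listings are constructed for illustration.

```shell
#!/bin/sh
# Audit filter-table default policies against a baseline.
# Input is `iptables -S` output on stdin; the samples below are constructed.

# Baseline from the post: INPUT and FORWARD drop, OUTPUT accept.
EXPECTED="INPUT:DROP FORWARD:DROP OUTPUT:ACCEPT"

# policy_drift "CHAIN:POLICY ..." < rules
# Prints one line per chain whose policy is missing or differs.
# Returns 1 when any drift is found, 0 otherwise.
policy_drift() {
    rules=$(cat)
    drift=0
    for pair in $1; do
        chain=${pair%%:*}
        want=${pair##*:}
        # `iptables -S` lists built-in chain policies as "-P <chain> <policy>".
        have=$(printf '%s\n' "$rules" |
            awk -v c="$chain" '$1 == "-P" && $2 == c { print $3; exit }')
        if [ -z "$have" ]; then
            echo "$chain: no policy line found (expected $want)"
            drift=1
        elif [ "$have" != "$want" ]; then
            echo "$chain: policy is $have, expected $want"
            drift=1
        fi
    done
    return $drift
}

# Constructed sample: all-ACCEPT policies, as the post describes the module's default.
SAMPLE_DEFAULTS='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

# Constructed sample: the same host with the policies from the post's script.
SAMPLE_HARDENED='-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$SAMPLE_DEFAULTS" | policy_drift "$EXPECTED" || echo "drift detected"
printf '%s\n' "$SAMPLE_HARDENED" | policy_drift "$EXPECTED" && echo "baseline met"
```

On a live host, run it as root with `iptables -S | policy_drift "$EXPECTED"`.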