Also, did you see the example in the firewall module README.markdown?

Creating a new rule that forwards to a chain, then adding a rule to this chain:

    firewall { '100 forward to MY_CHAIN':
      chain   => 'INPUT',
      jump    => 'MY_CHAIN',
    }
    # The namevar here is in the format chain_name:table:protocol
    firewallchain { 'MY_CHAIN:filter:IPv4':
      ensure  => present,
    }
    firewall { '100 my rule':
      chain   => 'MY_CHAIN',
      action  => 'accept',
      proto   => 'tcp',
      dport   => 5000,
    }
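To make the `{chain}:{table}:{protocol}` namevar format concrete, here is a small stand-alone validator written for this thread; it is not code from the puppetlabs-firewall module, and its regex is an assumption modelled on the error message quoted further down rather than the module's own `Nameformat` constant (in particular it matches the table token in lowercase, as the README example `MY_CHAIN:filter:IPv4` spells it).

```ruby
# Added illustration, not the module's code: validate a firewallchain namevar
# of the form {chain}:{table}:{protocol} as the error message in this thread
# describes it. NAME_FORMAT is an assumption, not the module's Nameformat.

TABLES    = %w[filter nat mangle raw rawpost broute].freeze
BUILTINS  = %w[PREROUTING POSTROUTING BROUTING INPUT FORWARD OUTPUT].freeze
PROTOCOLS = %w[IPv4 IPv6 ethernet].freeze

# chain: anything without colons (the inbuilt names are a subset of that);
# table: one of TABLES or empty (alias for filter); protocol: one of PROTOCOLS.
# Assumption: table names are matched in lowercase, as in the README example.
NAME_FORMAT = /\A([^:]+):(#{TABLES.join('|')}|):(#{PROTOCOLS.join('|')})\z/

# Split a namevar into its parts; nil when it does not match the format.
def parse_chain_name(value)
  m = NAME_FORMAT.match(value)
  return nil unless m
  chain, table, protocol = m.captures
  {
    chain: chain,
    table: table.empty? ? 'filter' : table, # empty table means filter
    protocol: protocol,
    builtin: BUILTINS.include?(chain)
  }
end

# Mirror of what a type's validate block would do: raise on a bad name.
def validate_chain_name!(value)
  parsed = parse_chain_name(value)
  return parsed if parsed
  raise ArgumentError,
        "Inbuilt chains must be in the form {chain}:{table}:{protocol}, got '#{value}'"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample names: the README spelling, an inbuilt chain with the
  # empty-table alias, and the spelling from the original post.
  ['MY_CHAIN:filter:IPv4', 'INPUT::IPv4', 'SSH:FILTER:IPv4'].each do |name|
    begin
      puts "#{name} -> #{validate_chain_name!(name).inspect}"
    rescue ArgumentError => e
      puts "#{name} -> #{e.message}"
    end
  end
end
```

Under the lowercase-table assumption the poster's `SSH:FILTER:IPv4` is rejected while the README spelling passes; whether the module's own `Nameformat` behaves the same is not something this thread establishes.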



----- Original Message -----
From: "Dan White" <y...@comcast.net>
To: puppet-users@googlegroups.com
Sent: Wednesday, November 14, 2012 12:09:48 PM
Subject: Re: [Puppet Users] firewallchain issues w/ 1.0.0 release

I believe this is to implement user defined chain-names.
It is a way to group firewall rules.

Try this for explanation:
http://my.safaribooksonline.com/book/operating-systems-and-server-administration/linux/0596004613/networking/linuxsvrhack-chp-4-sect-5

“Sometimes I think the surest sign that intelligent life exists elsewhere in
the universe is that none of it has tried to contact us.”
Bill Watterson (Calvin & Hobbes)

----- Original Message -----
From: "oogs" <o...@merit.edu>
To: puppet-users@googlegroups.com
Sent: Wednesday, November 14, 2012 11:55:25 AM
Subject: [Puppet Users] firewallchain issues w/ 1.0.0 release

Hi,

First, some software versions, just to get them out of the way:

- CentOS 5.x through CentOS 6.2
- Ruby 1.8.5 - 1.8.7
- Puppet 2.7.19
- Facter 1.6.11

Just a note - we're working from the EPEL repos almost exclusively.

I am working with the firewall module, and so far I am unable to use 
firewallchain. Some digging suggests that it's not completely user error 
(though I know I should never rule that out...). Here's my code:

    firewallchain { "SSH:FILTER:IPv4":
      ensure  => present,
    }

That block of code results in this error:

puppet-agent[22035]: Failed to apply catalog: Parameter name failed: 
Inbuilt chains must be in the form {chain}:{table}:{protocol} where 
{table} is one of FILTER, NAT, MANGLE, RAW, RAWPOST, BROUTE or empty 
(alias for filter), chain can be anything without colons or one of 
PREROUTING, POSTROUTING, BROUTING, INPUT, FORWARD, OUTPUT for the 
inbuilt chains, and {protocol} being IPv4, IPv6, ethernet (ethernet 
bridging) got 'SSH:FILTER:IPv4' table:'' chain:'' protocol:''

That error code is produced in lib/puppet/type/firewallchain.rb , by 
this snippet of code:

    validate do |value|
      if value !~ Nameformat then
        # (error message)
      else
        # (more stuff)
      end
    end

After poking at this a bit, it turns out that Nameformat is blank when 
that if statement is run, instead of containing what is defined in 
lib/puppet/provider/firewallchain/iptables_chain.rb .

I know very little about Ruby right now, so I'm not in a good position
to troubleshoot the Ruby code. I was wondering if someone else had run
into this issue, and if so, how did you solve it?

I would appreciate any help I can get on this, as I'm stumped.

-Chris B.

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To post to this group, send email to puppet-users@googlegroups.com.
To unsubscribe from this group, send email to 
puppet-users+unsubscr...@googlegroups.com.
For more options, visit this group at 
http://groups.google.com/group/puppet-users?hl=en.
