On Oct 29, 2013, at 8:41 AM, Daniele Sluijters <daniele.sluijt...@gmail.com> wrote:
> Hello, > > A while back I wanted to switch our home-brewed iptables module to the > puppetlabs/firewall module but I couldn't figure out > how to tell puppetlabs/firewall to leave the fail2ban chains alone. > > I was curious if someone had solved the issue and had some examples I can > work from? > > -- > Daniele Sluijters > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/28d07962-a86c-46ad-9ddb-02e7ae41c348%40googlegroups.com. > For more options, visit https://groups.google.com/groups/opt_out. I ran in to this issue also. Never found a scaleable/supportable solution, so switched to DenyHosts instead just to get the deployment going. I used the puppetlabs-denyhosts module. Depending on your application an app-level filter vs a firewall-level filter may be adequate. The latter is possibly more scalable if you are getting massive attacks on your SSH port for example. But if they get so massive that DenyHosts is a significant resource drain you may need to switch to an upstream DDoS-blocking solution anyway, so I decided the app-level filter was sufficient. Don -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/E14BBB38-29A3-462F-B68C-D529C81D035E%40gmail.com. For more options, visit https://groups.google.com/groups/opt_out.
