Hi,
I have used the following to set default policy.
firewallchain { 'FORWARD:filter:IPv4':
ensure => present,
policy => drop,
}
firewallchain { 'INPUT:filter:IPv4':
ensure => present,
policy => drop,
}
Andy
On Friday, 16 March 2012 22:28:06 UTC, Krzysztof Wilczynski wrote:
>
> HI Chris,
>
> Awesome, +1 :)
>
> KW
>
> On Friday, 16 March 2012 22:09:34 UTC, Chris O'Donnell wrote:
>>
>> FYI, I downloaded the following branch this morning:
>>
>> git clone -b ticket/10162-firewallchain_support_for_merge git://
>> github.com/kbarber/puppetlabs-firewall.git
>>
>> and found a bug where the args for iptables were being fed to it in the
>> wrong order. I made the following patch, and emailed it to Ken:
>>
>> --- iptables_chain.rb.orig 2012-03-16 17:14:29.000000000 -0400
>> +++ iptables_chain.rb 2012-03-16 16:31:40.000000000 -0400
>> @@ -73,7 +73,7 @@
>>
>> def policy=(value)
>> return if value == :empty
>> - allvalidchains do |t, table, chain|
>> + allvalidchains do |t, chain, table|
>> p = ['-t',table,'-P',chain,value.to_s.upcase]
>> debug "[set policy] #{t} #{p}"
>> t.call p
>>
>>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/c13fc207-6c5e-4079-afe7-74da99973d66%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
