If it helps, this is what I see when running in debug mode:

debug: /Stage[main]/My_fw::Post/Firewall[999 drop all]/require: requires Class[My_fw::Pre]
debug: /Stage[main]/My_fw::Pre/Firewall[001 accept all to lo interface]/before: requires Firewall[002 accept related established rules]
debug: /Stage[main]/Firewall::Linux::Redhat/require: requires Package[iptables]
debug: /Stage[main]/My_fw::Pre/Firewall[000 accept all icmp]/before: requires Firewall[001 accept all to lo interface]
debug: /Stage[main]/My_fw::Pre/Firewall[100 allow http and https access]/before: requires Class[My_fw::Post]
debug: /Stage[main]/My_fw::Pre/Firewall[002 accept related established rules]/before: requires Class[My_fw::Post]
debug: /Stage[main]/Users/User[pepe]: Autorequiring Group[shame]
debug: /Schedule[daily]: Skipping device resources because running on a host
debug: /Schedule[monthly]: Skipping device resources because running on a host
debug: /Schedule[hourly]: Skipping device resources because running on a host
debug: /Schedule[never]: Skipping device resources because running on a host
debug: Prefetching yum resources for package
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm --version'
debug: Puppet::Type::Package::ProviderYum: Executing '/bin/rpm -qa --nosignature --nodigest --qf '%{NAME} %|EPOCH?{%{EPOCH}}:{0}| %{VERSION} %{RELEASE} %{ARCH}
''
debug: Service[iptables](provider=redhat): Executing '/sbin/service iptables status'
debug: Puppet::Type::Service::ProviderRedhat: Executing '/sbin/chkconfig iptables'


On Tuesday, July 1, 2014 16:17:30 UTC-3, Pablo Morales wrote:
>
> Hi there guys
> I'm new to Puppet. I think it's a great tool, and I'm trying to configure
> some tasks to perform automatically, like users and some services, with
> which I had no problems until now with iptables. This is what I've got:
>
> server and client:
> CentOS release 6.5 (Final)
>
> On client:
> puppet-2.7.25-2.el6.noarch
>
> On server:
> puppet-server-3.6.2-1.el6.noarch
> puppet-3.6.2-1.el6.noarch
>
> I'm following this:
> https://forge.puppetlabs.com/puppetlabs/firewall
>
> My config on server:
> /etc/puppet/modules/my_fw/manifests
> post.pp
> pre.pp
> class my_fw::post {
>   firewall { '999 drop all':
>     proto   => 'all',
>     action  => 'drop',
>     before  => undef,
>   }
> }
>
> class my_fw::pre {
>   Firewall {
>     require => undef,
>   }
>
>   # Default firewall rules
>   firewall { '000 accept all icmp':
>     proto   => 'icmp',
>     action  => 'accept',
>   }->
>   firewall { '001 accept all to lo interface':
>     proto   => 'all',
>     iniface => 'lo',
>     action  => 'accept',
>   }->
>   firewall { '002 accept related established rules':
>     proto   => 'all',
>     ctstate => ['RELATED', 'ESTABLISHED'],
>     action  => 'accept',
>   }
>
>   firewall { '100 allow http and https access':
>     port   => [80, 443],
>     proto  => tcp,
>     action => accept,
>   }
>
> }
>
> /etc/puppet/manifests
> site.pp
> # tell puppet on which client to run the class
> node slnxserver {
>
> include users
>
>         #resources { "firewall":
>         #purge => true
>         #}
>
>         Firewall {
>                 before  => Class['my_fw::post'],
>                 require => Class['my_fw::pre'],
>         }
>
>         class { ['my_fw::pre', 'my_fw::post']: }
>         class { 'firewall': }
> }
>
> On the client I see the following:
> tail -f /var/log/messages
> Jul  1 16:01:09 slnxserver puppet-agent[16431]: Finished catalog run in 0.35 seconds
> Jul  1 16:02:41 slnxserver puppet-agent[16431]: Finished catalog run in 0.33 seconds
> Jul  1 16:04:13 slnxserver puppet-agent[16431]: Finished catalog run in 0.30 seconds
> Jul  1 16:05:45 slnxserver puppet-agent[16431]: Finished catalog run in 0.28 seconds
> Jul  1 16:07:17 slnxserver puppet-agent[16431]: Finished catalog run in 0.29 seconds
>
> No problems reported, but it seems the iptables rules are not applied. Am
> I missing something else?
>
> The 80:443 ports are not applied:
>
> iptables -nL
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination         
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination         
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination  
>
> If I uncomment the resource statement above I get:
> puppet-agent[16431]: Failed to apply catalog: Parameter name failed on Resources[firewall]: Could not find resource type 'firewall' at /etc/puppet/manifests/site.pp:8
>
>
> Thanks for your time and support, any help appreciated.
> Regards
>
>
>
>
