Run puppet agent via cron. Add in a random delay so that all the clients
don't hit the server at the same time. I use the following script and set it
to run every 30 minutes:
#!/bin/bash
# Grab a random value between 0-1740 (29 minutes).
value=$RANDOM
while [ $value -gt 1740 ] ; do
value=$RANDOM
I just went through this last week. This isn't available in the stable 0.4
release from Puppet Forge; you need to get the current master branch
from https://github.com/kbarber/puppetlabs-firewall
Once you get this, you can do this:
firewallchain { 'INPUT:filter:IPv4':
policy=> 'd
FYI, I downloaded the following branch this morning:
git clone -b ticket/10162-firewallchain_support_for_merge
git://github.com/kbarber/puppetlabs-firewall.git
and found a bug where the args for iptables were being fed to it in the
wrong order. I made the following patch, and emailed it to Ken:
With our current iptables rules, we implement the following in a script:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
Then the script continues on and does the rest of the rules, some custom
policies, etc. Now we're moving to Puppet and trying to replace all of our
s
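Putting the two posts together, the three iptables -P lines above map onto firewallchain resources, and the rules the script adds afterwards become firewall resources. This is an added illustration, not code from either poster or from the puppetlabs-firewall module itself; the firewall parameters (proto, state, dport, iniface, action) are assumed from that era's module documentation, and the loopback, established and SSH rules are constructed stand-ins for "the rest of the rules".

```puppet
# Default policies, equivalent to:
#   iptables -P INPUT DROP
#   iptables -P FORWARD DROP
#   iptables -P OUTPUT ACCEPT
# The firewallchain title is '<chain>:<table>:<protocol>'.
firewallchain { 'INPUT:filter:IPv4':
  ensure => present,
  policy => 'drop',
}
firewallchain { 'FORWARD:filter:IPv4':
  ensure => present,
  policy => 'drop',
}
firewallchain { 'OUTPUT:filter:IPv4':
  ensure => present,
  policy => 'accept',
}

# Rules the old script added after setting the policies. These three are
# constructed examples standing in for "the rest of the rules".
firewall { '000 accept loopback':
  chain   => 'INPUT',
  iniface => 'lo',
  action  => 'accept',
}
firewall { '001 accept established':
  chain  => 'INPUT',
  proto  => 'all',
  state  => ['RELATED', 'ESTABLISHED'],
  action => 'accept',
}
firewall { '010 accept ssh':
  chain  => 'INPUT',
  proto  => 'tcp',
  dport  => 22,
  action => 'accept',
}

# Apply the INPUT accept rules before the chain policy flips to DROP, so an
# agent run over SSH does not cut itself off partway through the catalog.
Firewall <| chain == 'INPUT' |> -> Firewallchain['INPUT:filter:IPv4']
```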