For what it's worth, leaving the incl => and lens => statements in did
the trick. Either that or cleaning up some of the iptables.save and
other similar files ahead of time.
I did have to figure out the correct format for the lens => statement,
which is apparently to use a capitalized lens name

I'm not using the puppet firewall module because, if I read the docs
correctly, I'd need to use that module to completely manage the firewall
settings, and it seems to require a good bit of setup to get there, too.
Unfortunately, due to political and organizational circumstance, I don't
have the

Ouch my eyes... Augeas can wreck your day sometimes. I have to ask
though, why not use the Puppetlabs Firewall Module? It's here:
https://forge.puppetlabs.com/puppetlabs/firewall
Then you would do something like this:
firewall { 'mayo_fw TCP/3':
  ensure => present,
  table => 'filter

(apologies in advance for the line wrap)
I have the following tidbit of augeas code, which inserts a rule into
/etc/sysconfig/iptables as the first rule of a specifically named chain;
# augtool> insert append before "/files/etc/sysconfig/iptables/table/append[. = 'Mayo-Firewall-INPUT'][1]"
# aug