Team,

I spent my commute yesterday hacking together a very simple iptables module for puppet. This is based on ticket [1] #592017. I've attached the module for review before committing it to git. Below is a simple explanation of how it works.

The main class uses a case statement on ${operatingsystem} to import an iptables::redhat or iptables::debian subclass. These subclasses simply define the differences in how the two families handle iptables. The iptables rulesets are defined in files/iptables.${hostname}. While this configuration may track more files than a dynamic ruleset, I think it is very simple, readable and makes it clear which file to edit pertaining to which host.

I have imported many of the current iptables rulesets into this module already, and have verified the redhat subclass locally on my personal puppet installation (the debian subclass may need some tweaking; I haven't verified it). Please let me know your thoughts before I commit it.

Thank you,
--
Christer Edwards

[1] : https://bugzilla.gnome.org/show_bug.cgi?id=592017
Attachment:
iptables-module.tar.gz
Description: GNU Zip compressed data
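The layout described in the message (a main class switching on ${operatingsystem}, two OS-family subclasses, and one ruleset file per host under files/iptables.${hostname}) sketched as a Puppet manifest. This is an added illustration, not the contents of the attached iptables-module.tar.gz; the file paths, the resource names, the if-pre-up.d hook for Debian and the use of a `fail()` on unknown platforms are all assumptions made here for the example.

```puppet
# manifests/init.pp -- illustrative sketch, not the attached module.
# Picks the OS-family subclass from the operatingsystem fact and refuses
# to apply on anything unrecognised rather than silently doing nothing.
class iptables {
  case $operatingsystem {
    'RedHat', 'CentOS', 'Fedora': { include iptables::redhat }
    'Debian', 'Ubuntu':           { include iptables::debian }
    default: { fail("iptables: no subclass for ${operatingsystem}") }
  }
}

# manifests/redhat.pp -- RedHat family: the init script loads
# /etc/sysconfig/iptables, so shipping the per-host file and
# notifying the service is enough. Ruleset is root-only (0600).
class iptables::redhat {
  package { 'iptables': ensure => installed }

  file { '/etc/sysconfig/iptables':
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    # files/iptables.<hostname>; a missing file fails the run loudly
    # instead of leaving the host without a ruleset.
    source  => "puppet:///modules/iptables/iptables.${hostname}",
    require => Package['iptables'],
    notify  => Service['iptables'],
  }

  service { 'iptables':
    ensure  => running,
    enable  => true,
    require => Package['iptables'],
  }
}

# manifests/debian.pp -- Debian family has no iptables service by
# default, so restore the ruleset with iptables-restore when the file
# changes and install a hook so it is reloaded before networking
# comes up at boot (paths assumed for this example).
class iptables::debian {
  package { 'iptables': ensure => installed }

  file { '/etc/iptables.rules':
    owner   => 'root',
    group   => 'root',
    mode    => '0600',
    source  => "puppet:///modules/iptables/iptables.${hostname}",
    require => Package['iptables'],
    notify  => Exec['iptables-restore'],
  }

  # Only runs when the ruleset file is refreshed (refreshonly).
  exec { 'iptables-restore':
    command     => '/bin/sh -c "/sbin/iptables-restore < /etc/iptables.rules"',
    refreshonly => true,
    require     => Package['iptables'],
  }

  # Boot-time reload hook; content is inline so the example is self-contained.
  file { '/etc/network/if-pre-up.d/iptables':
    owner   => 'root',
    group   => 'root',
    mode    => '0755',
    content => "#!/bin/sh\n/sbin/iptables-restore < /etc/iptables.rules\n",
    require => Package['iptables'],
  }
}
```

Two points worth checking in review of any module of this shape: the `file` resource fails the catalog when files/iptables.${hostname} does not exist, which is the safe direction (a host never quietly ends up with no ruleset), and the `default` branch of the case should fail rather than fall through, so a new platform is noticed the first time an agent runs there.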