where NAME is a string indicating the port, e.g. "80", and PARAMETERS are:
chain => CHAIN
    where CHAIN is the chain passed to 'iptables -A ...'.
    Its default value is 'FILTER'.
proto => PROTO
    where PROTO is one of 'tcp', 'udp', 'icmp', 'all'.
    Its default value is 'all'.
table => TABLE
    where TABLE is one of 'nat', 'mangle', 'filter' and 'raw'.
    Its default value is 'filter'.
source => SOURCE
    where SOURCE is the value passed to 'iptables --source ...'.
destination => DESTINATION
    where DESTINATION is the value passed to 'iptables --destination ...'.
ensure => STATE
    where STATE is one of 'open', 'close'.
    It has no default value and must be specified.
Note that this type will remove any rules which are not specified in its
database. To accommodate at least some rules not covered by the set of
parameters described above, users can use the files
/etc/puppet/iptables/pre.iptables and /etc/puppet/iptables/post.iptables, which
contain rules loaded before and after the rules described in the puppet
database. It is important to specify the rules in these files in the exact
format produced by iptables-save, so as to prevent reloading of the rules on
each run of puppetd. If this rule is followed, then the rules are reloaded
only when they change, either in the puppet database or in the Unix kernel.
Examples

class iptablez {
    iptables { "80":
        source => "171.64.29.0",
        proto  => tcp,
        ensure => open;
    }
}
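The following is an added illustration of the pre/post file caveat above, not the Puppet type's own code: it compares the ruleset the type would expect (pre file, the "80" resource from the example, post file) against constructed iptables-save output, and flags hand-typed lines that iptables re-spells and that would therefore force a reload on every run. render_rule() is an assumed rendering of the type's parameters (chain INPUT, 'ensure => open' as ACCEPT), and all rule text is constructed sample data.

```python
# Why pre/post rule lines must be written exactly as iptables-save prints them:
# the type reloads whenever its expected ruleset differs from the live one.

# Constructed `iptables-save` output for the filter table after one load.
LIVE_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -s 10.0.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 171.64.29.0/32 -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
# Constructed pre/post files: the hand-typed versions omit '/32' and '-m tcp'
# and list the states as typed, all of which iptables-save spells differently.
PRE_TYPED = "-A INPUT -s 10.0.0.5 -p tcp --dport 22 -j ACCEPT\n"
PRE_SAVED = "-A INPUT -s 10.0.0.5/32 -p tcp -m tcp --dport 22 -j ACCEPT\n"
POST_TYPED = "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n"
POST_SAVED = "-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT\n"

def save_rules(text):
    """The '-A ...' lines of an iptables-save dump, whitespace-normalised."""
    return [" ".join(l.split()) for l in text.splitlines() if l.startswith("-A ")]

def render_rule(port, chain="INPUT", proto="all", source=None, destination=None):
    """Assumed iptables-save spelling of an 'ensure => open' resource."""
    parts = ["-A", chain]
    for flag, addr in (("-s", source), ("-d", destination)):
        if addr:
            parts += [flag, addr if "/" in addr else addr + "/32"]
    if proto != "all":
        parts += ["-p", proto]
        if proto in ("tcp", "udp"):
            parts += ["-m", proto, "--dport", port]
    return " ".join(parts + ["-j", "ACCEPT"])

def needs_reload(pre, puppet_rules, post, live_save):
    """True when the expected ruleset (pre + database + post) differs from the live one."""
    return save_rules(pre) + puppet_rules + save_rules(post) != save_rules(live_save)

def unstable_lines(file_text, live_save):
    """Pre/post lines with no exact match in the live dump: each forces a reload."""
    live = set(save_rules(live_save))
    return [r for r in save_rules(file_text) if r not in live]

if __name__ == "__main__":
    web = [render_rule("80", source="171.64.29.0", proto="tcp")]
    print("typed files reload every run:", needs_reload(PRE_TYPED, web, POST_TYPED, LIVE_SAVE))
    print("saved-format files reload:   ", needs_reload(PRE_SAVED, web, POST_SAVED, LIVE_SAVE))
    for bad in unstable_lines(PRE_TYPED + POST_TYPED, LIVE_SAVE):
        print("rewrite in iptables-save form:", bad)
```

On a real host, feed the output of `iptables-save` in place of LIVE_SAVE and the contents of pre.iptables/post.iptables in place of the constructed strings.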