I have a base design setup and working at: https://github.com/duxklr/iptables
The basics of the system so far is to:
- Use file templates to create a base iptables configuration that automatically gets pushed to all systems. This will contain the most basic rules that all servers should have.
- Use an array to store additional host specific rules that will get processed by the template file.
- I selected a template/array style because our systems are all very one-off specific. There is no good "grouping", service, module, etc way to categorize them.
In the GIT repository above:
You will find the .../templates/iptables-common-v4.erb which is the base file that all the iptables rules are built off of.
In the .../manifests directory you will find a init.pp which is the heavy lifter in this case. You will also find a file servers.pp. This is the file that contains the host specific rules.
The question I propose: Is there a better way to manage the host specific rules?
I have looked into concat, but I don't see an elegant way to manage the very host specific rules that we have using this module. If we have large amounts of servers that all performed a similar function I can see this working very nicely.
I have looked at all the other iptables modules in Puppet Forge, and none of them meet my individual needs.
Thoughts?
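To make the template-plus-array design concrete, here is an added illustration that is not code from the duxklr/iptables repository: the common rules live in the class, the host-specific rules arrive as an array, and the rendered file is checked with `iptables-restore --test` before it replaces the live one. The class name, parameter name, file path and sample rules are assumptions, and an inline Puppet heredoc stands in for the repository's .erb template so everything fits in one block.

```puppet
# Added illustration, not code from the duxklr/iptables repository.
# Assumed: class name, parameter name, file path and the sample rules.
class iptables (
  Array[String] $host_rules = [],   # host-specific rules appended to the base
) {
  # Base rules every server gets: default-deny inbound, loopback, established
  # traffic and SSH. Everything else must be opened per host.
  $common = @(RULES)
    *filter
    :INPUT DROP [0:0]
    :FORWARD DROP [0:0]
    :OUTPUT ACCEPT [0:0]
    -A INPUT -i lo -j ACCEPT
    -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    | RULES

  # Render the host rules one per line, then close the table.
  $host_section = $host_rules.map |String $r| { "${r}\n" }.join('')

  file { '/etc/sysconfig/iptables':
    ensure       => file,
    owner        => 'root',
    group        => 'root',
    mode         => '0600',
    content      => "${common}${host_section}COMMIT\n",
    # Reject a ruleset iptables-restore cannot parse before it replaces the
    # live file, so one bad host rule does not leave the box unfiltered.
    validate_cmd => '/sbin/iptables-restore --test %',
    notify       => Service['iptables'],
  }

  service { 'iptables':
    ensure => running,
    enable => true,
  }
}

# The per-host part stays in the array rather than in a second template.
node 'web01.example.com' {
  class { 'iptables':
    host_rules => [
      '-A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT',
      '-A INPUT -p tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT',
    ],
  }
}
```

The `validate_cmd` check needs the file written by a Puppet agent running as root, since `iptables-restore --test` still parses the table through netfilter.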
firewalld?