  1. Modules
  2. MODULES-1234

puppetlabs-firewall and Docker - how to work with iptables rules, firewall-managing services, and "resources { 'firewall': purge => true }"

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels: None
    • Environment: RHEL6 + Docker environment

      Description

      (Note: this problem applies to most anything that handles virtualization with iptables rules. I just happen to be playing with Docker at the moment.)

      The currently documented way to manage your firewall rules using the puppetlabs-firewall module is to use "resources { 'firewall': purge => true }". This works well when puppet is managing all of the firewall rules associated with a system; however, it works much less well when other systems are also managing classes of firewall rules. For instance, docker manages a number of rules in the PREROUTING, POSTROUTING, and OUTPUT nat tables.

      Would it be possible to add support within the main firewall module to set separate 'purge' rules for each of these tables?

            People

            • Assignee: Unassigned
            • Reporter: tskirvin Tim Skirvin
            • Votes: 2
            • Watchers: 6
