  1. Modules
  2. MODULES-1234

puppetlabs-firewall and Docker - how to work with iptables rules, firewall-managing services, and "resources { 'firewall': purge => true }"


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Normal
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: firewall
    • Labels:
      None
    • Environment:

      RHEL6 + Docker environment

      Description

      (Note: this problem applies to most anything that handles virtualization with iptables rules. I just happen to be playing with Docker at the moment.)

      The currently documented way to manage your firewall rules using the puppetlabs-firewall module is to use "resources { 'firewall': purge => true }". This works well when puppet is managing all of the firewall rules associated with a system; however, it works much less well when other systems are also managing classes of firewall rules. For instance, docker manages a number of rules in the PREROUTING, POSTROUTING, and OUTPUT nat tables.

      Would it be possible to add support within the main firewall module to set separate 'purge' rules for each of these tables?
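
      The manifest below is an added example, not part of the original ticket and not the module authors' code. It sketches per-chain purging, assuming a puppetlabs-firewall release whose `firewallchain` type supports the `purge` and `ignore` parameters; the `DOCKER` chain name, the `docker0` bridge and the `172.17.` subnet are assumed Docker defaults and should be checked against `iptables-save` output on the host.

```puppet
# Added example. Per-chain purge instead of the global
#   resources { 'firewall': purge => true }
# which removes every rule Puppet does not manage, Docker's included.
# The global purge must not be declared alongside these resources.

# Chain owned entirely by Puppet: any rule not in the catalog is removed,
# so hand-added or stale rules cannot linger on INPUT.
firewallchain { 'INPUT:filter:IPv4':
  ensure => present,
  purge  => true,
}

# Chain shared with Docker: still purged, but lines matching an ignore
# pattern are left alone. Patterns are regular expressions matched against
# the rule as it appears in iptables-save output.
firewallchain { 'FORWARD:filter:IPv4':
  ensure => present,
  purge  => true,
  ignore => [
    'docker0',   # assumed default bridge name
    'DOCKER',    # assumed default Docker chain name
  ],
}

# The nat chains named in the ticket, where Docker adds its DNAT and
# MASQUERADE rules. Per-container rules may carry only an address, so the
# assumed default bridge subnet is ignored as well.
firewallchain { [
  'PREROUTING:nat:IPv4',
  'OUTPUT:nat:IPv4',
  'POSTROUTING:nat:IPv4',
]:
  ensure => present,
  purge  => true,
  ignore => [
    'docker0',
    'DOCKER',
    '172\.17\.',
  ],
}

# firewall { ... } resources for the rules Puppet itself manages are
# declared elsewhere in the catalog and are unaffected by purge.
```

      Applying the catalog with `puppet apply --noop` first lists the rules that would be purged, which shows whether the ignore patterns are too narrow (Docker rules removed) or too broad (unmanaged rules surviving).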


            People

            Assignee:
            Unassigned
            Reporter:
            tskirvin Tim Skirvin