Modules / MODULES-1234

puppetlabs-firewall and Docker - how to work with iptables rules, firewall-managing services, and "resources { 'firewall': purge => true }"


Details

    • Improvement
    • Status: Closed
    • Normal
    • Resolution: Won't Fix
    • None
    • None
    • firewall
    • None
    • RHEL6 + Docker environment

    Description

      (Note: this problem applies to most anything that handles virtualization with iptables rules. I just happen to be playing with Docker at the moment.)

      The currently documented way to manage your firewall rules using the puppetlabs-firewall module is to use "resources { 'firewall': purge => true }". This works well when puppet is managing all of the firewall rules associated with a system; however, it works much less well when other systems are also managing classes of firewall rules. For instance, docker manages a number of rules in the PREROUTING, POSTROUTING, and OUTPUT nat tables.

      Would it be possible to add support within the main firewall module to set separate 'purge' rules for each of these tables?
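
Added example, not part of the ticket and not the project's own code: one way to scope purging per chain so that rules Docker inserts are left alone. It assumes a puppetlabs-firewall release whose firewallchain type provides the purge and ignore parameters; the ignore patterns are constructed and must be checked against the host's `iptables-save` output.

```puppet
# Global purge as quoted in the ticket. It removes every rule Puppet does not
# manage, in every table, including the nat rules Docker adds at runtime.
# resources { 'firewall': purge => true }

# Per-chain purge instead. Chains Puppet owns outright are purged fully.
firewallchain { 'INPUT:filter:IPv4':
  ensure => present,
  purge  => true,
}

# Chains shared with Docker: unmanaged rules are purged unless they match one
# of the ignore regexes, which are applied to iptables-save style rule lines.
# Patterns below are constructed examples, not values from the ticket.
firewallchain { 'FORWARD:filter:IPv4':
  ensure => present,
  purge  => true,
  ignore => [
    '-j DOCKER',   # jumps into Docker's own chain
    'docker0',     # rules bound to the Docker bridge interface
  ],
}

firewallchain { ['PREROUTING:nat:IPv4', 'OUTPUT:nat:IPv4']:
  ensure => present,
  purge  => true,
  ignore => ['-j DOCKER'],
}

firewallchain { 'POSTROUTING:nat:IPv4':
  ensure => present,
  purge  => true,
  ignore => [
    'docker0',         # masquerade rule keyed on the bridge interface
    '-j MASQUERADE',   # assumption: only Docker adds masquerade rules here
  ],
}

# Chains that are not declared as firewallchain resources with purge => true
# (for example Docker's own DOCKER chain) are not purged by this manifest.
```

An ignore pattern that is too broad leaves unmanaged rules in place silently, so compare `iptables-save` output before and after a Puppet run to confirm that only the intended rules survive.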


          People

            Unassigned Unassigned
            tskirvin Tim Skirvin
            Votes: 2
            Watchers: 6
