Mike McGrath wrote:
lmacken, skvidal and xDamonx have been working together to create a
simple (and predictable) set of iptables rules. They're now ready and
xDamonx will be deploying them. The iptables template is done and
basically all thats needed to deploy is added to the manifests file.
For example, here's whats in our db group (as is in
manifests/servergroups/db.pp:
# firewall Rules
$tcpPorts = [ 3306, 5432 ]
$udpPorts = [ ]
I've added custom rules to this. Now you can also add:
$custom = [ '-A INPUT -p tcp -m blah blah',
'Some other rule' ]
To the server groups. These rules are added directly before the tcp and
udp rules.
-Mike
