
Iptables Solution



lmacken, skvidal and xDamonx have been working together to create a simple (and predictable) set of iptables rules. They're now ready and xDamonx will be deploying them. The iptables template is done and basically all that's needed to deploy is added to the manifests file. For example, here's what's in our db group (as is in manifests/servergroups/db.pp):


# firewall Rules
   $tcpPorts = [ 3306, 5432 ]
   $udpPorts = [ ]

   iptables { '/etc/sysconfig/iptables':
       content => template('/var/lib/puppet/config/system/iptables-template.conf.erb'),
   }

   service { iptables:
       ensure => running,
       hasstatus => true,
   }
# EOF

After we roll these out we can easily add things to the template like the bandwidth limiting we need on the proxy servers and adding a "$rateLimit = 1" to the manifest.

   -Mike

