Iptables Solution
Mike McGrath
mmcgrath at redhat.com
Mon Jun 18 18:32:27 UTC 2007
lmacken, skvidal and xDamonx have been working together to create a
simple (and predictable) set of iptables rules. They're now ready and
xDamonx will be deploying them. The iptables template is done and
basically all that's needed to deploy is added to the manifests file.
For example, here's what's in our db group (as is in
manifests/servergroups/db.pp):

    # firewall Rules
    $tcpPorts = [ 3306, 5432 ]
    $udpPorts = [ ]
    iptables { '/etc/sysconfig/iptables':
        content => template('/var/lib/puppet/config/system/iptables-template.conf.erb'),
    }
    service { iptables:
        ensure    => running,
        hasstatus => true,
    }
    # EOF

After we roll these out we can easily add things to the template like
the bandwidth limiting we need on the proxy servers and adding a
"$rateLimit = 1" to the manifest.
-Mike
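
A sketch of how a template of this kind can turn the manifest's port lists into a default-deny ruleset, as an added example that is not part of the original message or the project's own template. The template body and the helpers `validate_ports` and `render_rules` are hypothetical; only the db group's ports (3306, 5432) come from the message.

```ruby
require 'erb'

# Hypothetical stand-in for iptables-template.conf.erb (the real template is
# not shown in the message). Inbound is dropped by default; each listed port
# gets exactly one ACCEPT rule, in iptables-restore format.
TEMPLATE = <<~'TPL'
  *filter
  :INPUT DROP [0:0]
  :FORWARD DROP [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
  <% tcp_ports.each do |port| -%>
  -A INPUT -p tcp -m tcp --dport <%= port %> -m state --state NEW -j ACCEPT
  <% end -%>
  <% udp_ports.each do |port| -%>
  -A INPUT -p udp -m udp --dport <%= port %> -j ACCEPT
  <% end -%>
  COMMIT
TPL

# Accept only integer ports in range, so a stray string in a manifest cannot
# smuggle extra rule text into the file. Sorting and de-duplicating keeps the
# generated ruleset predictable across runs.
def validate_ports(ports)
  ports.each do |p|
    unless p.is_a?(Integer) && (1..65_535).cover?(p)
      raise ArgumentError, "invalid port: #{p.inspect}"
    end
  end
  ports.uniq.sort
end

# Render the ruleset for one server group from its TCP and UDP port lists.
def render_rules(tcp_ports, udp_ports)
  ERB.new(TEMPLATE, trim_mode: '-').result_with_hash(
    tcp_ports: validate_ports(tcp_ports),
    udp_ports: validate_ports(udp_ports)
  )
end

# Ports of the db group from the message above.
puts render_rules([3306, 5432], []) if __FILE__ == $PROGRAM_NAME
```

Before deploying a generated file, `iptables-restore --test < file` parses it without loading the rules.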