puppetlabs-firewall and removing a parameter
30 views
Skip to first unread message
Matthias Saou
Aug 3, 2015, 7:26:34 AM8/3/15
to Puppet Users Mailing List
Hi,
I had this applied to my nodes :
firewall { "${prenumber}7 portknock let connections through":
action => 'accept',
chain => 'INPUT',
dport => $dports,
proto => 'tcp',
recent => 'rcheck',
rname => "${prefix}_heaven",
rseconds => $seconds,
}
With $seconds set to '3'. Now I want to remove it entirely, which will
mean "forever", but I just can't figure out how to do it, or even if
it's possible at all.
When I set to undef, false or even remove the $rseconds line entirely,
puppet just leaves the previous value on existing nodes. For new nodes
or if I manually remove all iptables rules first, then the new rule
gets created without any "--seconds 3" as expected.
How can I tell puppet to actually remove that parameter from existing
rules instead of stop caring about the value?
Matthias
--
Matthias Saou ██ ██
██ ██
Web: http://matthias.saou.eu/ ██████████████
Mail/XMPP: matt...@saou.eu ████ ██████ ████
██████████████████████
GPG: 4096R/E755CC63 ██ ██████████████ ██
8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██
21A9 7A51 7B82 E755 CC63 ████ ████
I had this applied to my nodes :
firewall { "${prenumber}7 portknock let connections through":
action => 'accept',
chain => 'INPUT',
dport => $dports,
proto => 'tcp',
recent => 'rcheck',
rname => "${prefix}_heaven",
rseconds => $seconds,
}
With $seconds set to '3'. Now I want to remove it entirely, which will
mean "forever", but I just can't figure out how to do it, or even if
it's possible at all.
When I set to undef, false or even remove the $rseconds line entirely,
puppet just leaves the previous value on existing nodes. For new nodes
or if I manually remove all iptables rules first, then the new rule
gets created without any "--seconds 3" as expected.
How can I tell puppet to actually remove that parameter from existing
rules instead of stop caring about the value?
Matthias
--
Matthias Saou ██ ██
██ ██
Web: http://matthias.saou.eu/ ██████████████
Mail/XMPP: matt...@saou.eu ████ ██████ ████
██████████████████████
GPG: 4096R/E755CC63 ██ ██████████████ ██
8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██
21A9 7A51 7B82 E755 CC63 ████ ████
Matthias Saou
Aug 10, 2015, 7:35:35 AM8/10/15
to puppet...@googlegroups.com
Hi,
So... no answers... bug report filed! :-)
https://tickets.puppetlabs.com/browse/MODULES-2376
Matthias
So... no answers... bug report filed! :-)
https://tickets.puppetlabs.com/browse/MODULES-2376
Matthias
Reply all
Reply to author
Forward
0 new messages