Hey, just laying this out for everyone so there are no surprises.
As part of a larger discussion, we have decided that the Firewall module is in need of a major restructuring, with more and more issues
arising from it and compile times that seem to regularly take upwards of thirty minutes.
In order to try and solve this issue the team is working to put together a plan on how the module should best be restructured to not
only resolve the issues currently facing it but to help ensure that similar ones do not occur.
As part of this, however, we would like to hear the community's feedback and what ideas they might have on the best way to accomplish
this, so that we can reach our goal and provide the best quality module that we can.
As a start there are several questions that must be answered and choices to be made, these including:
iptables and one for ip6tables?
nftables?
nftables seems to have gained traction, as such it may be best to add support for it to the firewall module/modules to ease people into converting over, as both it and iptables/ip6tables are both maintained by the same organisation, with the prior being actively developed as a successor and poised to take over.
Finally, to anyone worried about the changes coming to the module, know that this is merely an initial investigation and that the actual changes are still some time away. We are well aware of how important this module is and are committed to getting this right.
This issue has also been posted in a newly created GitHub issue and on the Puppet community Slack, both of which are linked below.