I think I was able to define what is needed with the following. However,
log_level is not appearing in /etc/sysconfig/iptables. I'm using Puppet
3.2.2-1 on RHEL 6.4.

Here's my manifest code in case anybody is interested.

firewallchain { 'LOGGING:filter:IPv4':
  ensure => present,
}

firewall { '998 jump to LOGGING':
  chain => 'INPUT',
  proto => 'all',
  jump  => 'LOGGING',
}

firewall { '991 LOGGING':
  chain      => 'LOGGING',
  proto      => 'all',
  limit      => '2/min',
  log_level  => 'warn',
  #log_level => 4,
  log_prefix => 'IP Tables Dropped Packet:',
  jump       => 'LOG',
}

firewall { '992 jump to DROP':
  chain  => 'LOGGING',
  proto  => 'all',
  action => 'drop',
}

On Thursday, August 15, 2013 2:02:47 PM UTC-4, Thomas wrote:
>
> I'm having trouble figuring out how to get the puppetlabs firewall module
> to place the following into /etc/sysconfig/iptables:
>
> -N LOGGING
> -A LOGGING -m limit --limit 2/min -j LOG --log-level 4 --log-prefix "IPTables Dropped Packet:"
> -A LOGGING -j DROP
> -A INPUT -j LOGGING
>
> This is the first time I'm trying to use firewallchain and I can't seem to
> determine the proper syntax to define the above.
>
> Any advice would be appreciated!
>
> Thomas
>
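
An added example, not part of the thread and not code from the puppetlabs firewall module: a small Python check that reads a ruleset in iptables-save format (the format of /etc/sysconfig/iptables) and reports whether the LOGGING chain from this thread is complete. It assumes that iptables-save leaves out --log-level when the level is the default 4 (warning), so a LOG rule with no --log-level is counted as level 4; the function names and the sample ruleset are constructed for illustration.

```python
import shlex
DEFAULT_LOG_LEVEL = "4"  # assumption: iptables-save omits --log-level at the default
# Constructed sample in iptables-save format, not taken from the thread.
SAMPLE = """\
*filter
:INPUT ACCEPT [0:0]
:LOGGING - [0:0]
-A INPUT -m comment --comment "998 jump to LOGGING" -j LOGGING
-A LOGGING -m comment --comment "991 LOGGING" -m limit --limit 2/min -j LOG --log-prefix "IP Tables Dropped Packet:"
-A LOGGING -m comment --comment "992 jump to DROP" -j DROP
COMMIT
"""

def parse_rules(text):
    """Return {chain: [options dict per -A rule]} in file order."""
    chains = {}
    for line in text.splitlines():
        tokens = shlex.split(line, comments=True)  # keeps quoted prefixes whole
        if len(tokens) < 2 or tokens[0] != "-A":
            continue  # table headers, chain policies, COMMIT, comments
        opts, key = {}, None
        for tok in tokens[2:]:
            if tok.startswith("-"):
                key, opts[tok] = tok, ""
            elif key:
                opts[key] = tok
        chains.setdefault(tokens[1], []).append(opts)
    return chains

def check_logging(text, level="4", chain="LOGGING"):
    """Return a list of problems; an empty list means the ruleset matches."""
    chains, problems = parse_rules(text), []
    rules = chains.get(chain, [])
    logs = [r for r in rules if r.get("-j") == "LOG"]
    if not logs:
        problems.append("no LOG rule in " + chain)
    for r in logs:
        found = r.get("--log-level", DEFAULT_LOG_LEVEL)
        if found != level:
            problems.append("log level is %s, expected %s" % (found, level))
        if "--limit" not in r:
            problems.append("LOG rule is not rate limited")
        if not r.get("--log-prefix"):
            problems.append("LOG rule has no prefix")
    if not rules or rules[-1].get("-j") != "DROP":
        problems.append(chain + " does not end in DROP")
    if not any(r.get("-j") == chain for r in chains.get("INPUT", [])):
        problems.append("INPUT never jumps to " + chain)
    return problems
```

Calling check_logging on the contents of /etc/sysconfig/iptables after a Puppet run returns an empty list when the chain is in place, and one message per missing piece otherwise.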