
I would like to implement the rules below in Puppet, pushed from the Puppet master to the clients.

Could anyone help me write the script for these iptables rules, and tell me in which file the configuration below should go?

17x.x8.9x.10 (execute the rules below on this host)
sudo iptables -I INPUT 1 -p tcp --dport 80 -m comment --comment "Allow http connection" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp --dport 443 -m comment --comment "Allow https connection" -j ACCEPT

17x.x8.9x.222 (execute the rules below on this host)
sudo iptables -I INPUT 1 -p tcp --dport 80 -m comment --comment "Allow http connection" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp --dport 443 -m comment --comment "Allow https connection" -j ACCEPT


17x.x8.9x.33 (execute the rules below on this host)
sudo iptables -I INPUT 1 -p tcp -s 17x.18.89.1 --dport 8009 -m comment --comment "Allow MOUNTD" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp -s 17x.18.89.2 --dport 8009 -m comment --comment "Allow MOUNTD" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp -s 17x.18.89.34 --dport 60295 -m comment --comment "Allow MOUNTD" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp -s 17x.18.89.34 --dport 2049 -m comment --comment "Allow NFS" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp -s 17x.18.89.34 --dport 111 -m comment --comment "Allow portmapper" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp -s 17x.18.89.35 --dport 60295 -m comment --comment "Allow MOUNTD" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp -s 17x.18.89.35 --dport 2049 -m comment --comment "Allow NFS" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp -s 17x.18.89.35 --dport 111 -m comment --comment "Allow portmapper" -j ACCEPT


17x.18.160.34 (execute the rules below on this host)
sudo iptables -I INPUT 1 -p tcp -s 17x.18.160.1 --dport 8009 -m comment --comment "Allow MOUNTD" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp -s 17x.18.160.2 --dport 8009 -m comment --comment "Allow MOUNTD" -j ACCEPT


17x.18.89.35 (execute the rules below on this host)
sudo iptables -I INPUT 1 -p tcp -s 17x.18.89.1 --dport 8009 -m comment --comment "Allow MOUNTD" -j ACCEPT
sudo iptables -I INPUT 1 -p tcp -s 17x.18.89.2 --dport 8009 -m comment --comment "Allow MOUNTD" -j ACCEPT
Babin Lonston

1 Answer


Use the firewall module (which is developed by Puppet Labs).

There are usage examples in the readme that should cover your use case quite nicely.

Shane Madden
  • Yes, the module already exists on the master server. We are totally new to Puppet and have no idea how to do this. – Babin Lonston Apr 09 '15 at 05:33
  • 1
    @Lonston For instance on the `17x.x8.9x.10` system, you will probably want a [module](https://docs.puppetlabs.com/puppet/latest/reference/modules_fundamentals.html) that configures the web service (or uses another module, like `apache`) as well as configuring the firewall rules (the rule examples from the `firewall` module's readme will go inside that module). Then you'll want to include the module with the firewall rules in the [node definition](https://docs.puppetlabs.com/puppet/latest/reference/lang_node_definitions.html). – Shane Madden Apr 09 '15 at 05:44
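A concrete form of the readme-style rules for the hosts in the question, as an added example that is not part of the answer or the firewall module's own code. It assumes puppetlabs-firewall is installed on the master, Puppet 4+ language (for `each`), node certnames equal to the addresses shown (hypothetical), and that the masked `17x` octets copied from the question are replaced with real addresses. Unlike repeated `-I INPUT 1` invocations, which add a duplicate rule every time they run, the `firewall` resource is idempotent, and rule order comes from the leading number in each title rather than from insertion position.

```puppet
# Added example (not the answer's or module's own code).
# Rules are sorted by the leading number in the title: lower numbers are
# evaluated first, which replaces the '-I INPUT 1' of the manual commands.

class profile::fw_web {
  # Same rules for 17x.x8.9x.10 and 17x.x8.9x.222: open 80 and 443 to anyone.
  firewall { '100 Allow http connection':
    proto  => 'tcp',
    dport  => 80,
    action => 'accept',   # use 'jump => accept' on puppetlabs-firewall >= 7.0.0
  }
  firewall { '101 Allow https connection':
    proto  => 'tcp',
    dport  => 443,
    action => 'accept',
  }
}

class profile::fw_nfs {
  # Source-restricted rules for 17x.x8.9x.33 (masked octets are the question's).
  $mountd_srcs = ['17x.18.89.1', '17x.18.89.2']      # only port 8009
  $nfs_srcs    = ['17x.18.89.34', '17x.18.89.35']    # 60295, 2049 and 111

  $mountd_srcs.each |String $src| {
    firewall { "200 Allow MOUNTD from ${src}":
      proto => 'tcp', source => $src, dport => 8009, action => 'accept',
    }
  }
  $nfs_srcs.each |String $src| {
    firewall { "210 Allow MOUNTD from ${src}":
      proto => 'tcp', source => $src, dport => 60295, action => 'accept',
    }
    firewall { "211 Allow NFS from ${src}":
      proto => 'tcp', source => $src, dport => 2049, action => 'accept',
    }
    firewall { "212 Allow portmapper from ${src}":
      proto => 'tcp', source => $src, dport => 111, action => 'accept',
    }
  }
}

# site.pp: node definitions (certnames assumed to match the addresses).
node '17x.x8.9x.10', '17x.x8.9x.222' { include profile::fw_web }
node '17x.x8.9x.33'                  { include profile::fw_nfs }
```

Check the result on a client with `sudo iptables -S INPUT` after the agent run; a second run should report no changes, whereas the manual `-I INPUT 1` commands would keep growing the chain.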