
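# Install one iptables rule fragment under /etc/iptables.d/snippets and
# trigger a rebuild of the live ruleset whenever that fragment changes.
#
# Parameters:
#   $order  - string prefix placed before the fragment name in the file name
#             ("${order}-${name}"); presumably the rebuild script concatenates
#             fragments in lexical file-name order, so keep the widths
#             consistent ("00" < "01" < "10" < "999"). Defaults to "10".
#   $ensure - "present" installs the fragment, "absent" removes it. Either
#             transition is a change on the file resource, so the rebuild
#             Exec is refreshed in both cases.
#
# The fragment body is fetched from the module's snippets directory; a
# host-specific "${name}.${fqdn}" file takes precedence over the generic
# "${name}" file. File["/etc/iptables.d/snippets"] and
# Exec["rebuildiptables.sh"] are expected to be declared elsewhere.
define iptables::snippet ($order = "10", $ensure = "present") {
        file {"/etc/iptables.d/snippets/${order}-${name}":
                owner   => root,
                group   => root,
                # Quoted four-digit string: Puppet 4+ rejects a bare integer
                # mode, and the leading zero makes the octal intent explicit.
                # 0600 owned by root keeps permitted source addresses and
                # open ports readable by root only.
                mode    => "0600",
                # Bare variable; wrapping it in "${...}" added nothing.
                ensure  => $ensure,
                require => File["/etc/iptables.d/snippets"],
                notify  => Exec["rebuildiptables.sh"],
                source  => ["puppet://puppet/iptables/snippets/${name}.${fqdn}",
                            "puppet://puppet/iptables/snippets/${name}"]
        }
}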

        # Bracketing fragments: "00" sorts before every other order value and
        # "999" after all of them, so fragments declared with the default or
        # an intermediate order land between prefix and suffix.
        iptables::snippet{'std-prefix':
                order   => '00',
        }
        iptables::snippet{'std-suffix':
                order   => '999',
        }

        # Chain-defining fragments go in at "01"; the "globalrules" fragment
        # at "02" presumably holds the jumps into these chains, so the chains
        # must already exist when it is applied.
        # NOTE(review): the sample global rules jump to junk_filter while this
        # fragment is titled junkfilter; fine if the fragment itself defines
        # junk_filter, but worth confirming against the fragment contents.
        iptables::snippet{['junkfilter',
                           'backup_access',
                           'monitor_access',
                           'admin_access']:
                order   => '01',
        }
        iptables::snippet{'globalrules':
                order   => '02',
        }

        # Keep the iptables service running and enabled at boot so the
        # rebuilt ruleset is loaded on every start. The init script is
        # assumed to implement both "status" and "restart"; the package
        # resource is declared elsewhere.
        service{'iptables':
                ensure          => running,
                enable          => true,
                hasstatus       => true,
                hasrestart      => true,
                require         => Package['iptables'],
        }

rule samples

global:
-I INPUT 1 -j admin_access 
-I INPUT 2 -j junk_filter 
-I INPUT 3 -j backup_access 
-I INPUT 4 -j monitor_access 
-I FORWARD 1 -j admin_access 
-I FORWARD 2 -j junk_filter 
-I FORWARD 3 -j backup_access 
-I FORWARD 4 -j monitor_access 

admin_access:
:admin_access - [0:0]
-A admin_access -s a.b.c.d -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT