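# Installs one iptables rule snippet as /etc/iptables.d/snippets/<order>-<name>
# and notifies Exec["rebuildiptables.sh"] whenever the file changes.
#
# Parameters:
#   $order  - string prefix of the file name (default "10"). Presumably
#             rebuildiptables.sh assembles the snippets in file-name order;
#             that script is not shown here, so confirm. If it does, the
#             order is lexical: a new prefix such as "1000" would sort
#             ahead of "999".
#   $ensure - passed straight through to the file resource (default "present").
#
# File["/etc/iptables.d/snippets"] and Exec["rebuildiptables.sh"] are declared
# elsewhere. NOTE(review): confirm the rebuild script validates the assembled
# ruleset (e.g. `iptables-restore --test`) before loading it, so that one bad
# snippet cannot replace a working firewall with a broken or empty one.
define iptables::snippet ($order = "10", $ensure = "present") {
  file { "/etc/iptables.d/snippets/${order}-${name}":
    ensure  => $ensure,
    owner   => "root",
    group   => "root",
    # Root-only read/write, so the rule set is not readable by local users.
    # Written as a quoted octal string: newer Puppet releases reject a bare
    # numeric mode such as 600.
    mode    => "0600",
    require => File["/etc/iptables.d/snippets"],
    notify  => Exec["rebuildiptables.sh"],
    # Host-specific snippet first, then the generic one; Puppet uses the
    # first source that exists.
    source  => [
      "puppet://puppet/iptables/snippets/${name}.${fqdn}",
      "puppet://puppet/iptables/snippets/${name}"
    ]
  }
}

# Fixed head and tail of the rule set.
iptables::snippet { "std-prefix": order => "00" }
iptables::snippet { "std-suffix": order => "999" }

# Chain definitions, installed ahead of the rules that jump to them.
# NOTE(review): this snippet is named "junkfilter" while the sample rules
# below jump to a chain called "junk_filter" -- confirm the snippet file
# defines that chain name.
iptables::snippet { ["junkfilter", "backup_access", "monitor_access", "admin_access"]:
  order => "01"
}

# Jumps from INPUT/FORWARD into the chains above.
iptables::snippet { "globalrules": order => "02" }

# Keep the iptables service enabled and running; Package["iptables"] is
# declared elsewhere.
service { "iptables":
  ensure     => running,
  enable     => true,
  hasrestart => true,
  hasstatus  => true,
  require    => Package["iptables"]
}

## rule samples

global:
# Rules are inserted at fixed positions, so admin_access is evaluated first
# in both INPUT and FORWARD, ahead of junk_filter.
-I INPUT 1 -j admin_access
-I INPUT 2 -j junk_filter
-I INPUT 3 -j backup_access
-I INPUT 4 -j monitor_access
-I FORWARD 1 -j admin_access
-I FORWARD 2 -j junk_filter
-I FORWARD 3 -j backup_access
-I FORWARD 4 -j monitor_access

admin_access:
# a.b.c.d is a placeholder for the admin source address.
# The rule matches only the initial SYN of a new SSH connection; the rest of
# the session has to be accepted by a rule not shown here (presumably a
# state/conntrack rule in std-prefix -- confirm).
# Because admin_access is also jumped to from FORWARD, on a routing host this
# ACCEPT covers SSH forwarded through the box from that source, not only SSH
# to the box itself.
:admin_access - [0:0]
-A admin_access -s a.b.c.d -p tcp -m tcp --dport 22 --tcp-flags FIN,SYN,RST,ACK SYN -j ACCEPT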