
Using Puppet to open port 80 through the iptables command


Puppet provides an add-on module called firewall to manage firewall configuration on your system. I tried it out, and ended up locking myself out of my Vagrant box. All I needed to do was open port 80 on my VM, and the steps mentioned in the Puppet Firewall module setup page seemed like an overkill for something so simple.

So, I decided to understand the iptables command better. This writeup on the CentOS website is an excellent introduction to understanding iptables. Armed with this knowledge, I realized all I needed was:

  1. Make a single rule entry on my CentOS VM for allowing incoming traffic on port 80.
  2. Save the state of the iptables rule, so that on restart of the iptables service, this new rule is not lost.

Note: I am working on Puppet v3.2.3 and CentOS v6.4 Minimal Version.

If you google, most places you will find this command for opening port 80 (didn't work!):

sudo iptables -A INPUT -m state --state NEW -p tcp --dport 80 -j ACCEPT

What this command essentially says is: append (-A) a new rule to the INPUT chain that, for NEW connections of type tcp with destination port (--dport) 80, ACCEPTs the connection.

This command did not actually open the port for me because it "APPENDS" the rule right at the end of the INPUT chain. By default, CentOS already came with a rule:

-A INPUT -j REJECT --reject-with icmp-host-prohibited

The line I added got appended AFTER this rule. iptables evaluates the rules in a chain in order and stops at the first match, so all requests were getting rejected anyway and my rule to allow incoming traffic to port 80 was never evaluated.

Therefore, what we need to do is insert our rule before the REJECT rule. To do that, we use the -I (insert) switch instead of the -A (append) switch. The -I switch takes the line number at which to insert the rule. To see the line numbers of the existing rules, use the following command:

sudo iptables -L -n -v --line-numbers

Figure: iptables with line numbers (notice line 5 has the REJECT rule)

In this output you can see that, by default, line number 5 has the REJECT rule for all traffic.

Hence the command that we need to allow incoming traffic to port 80 is (works!):

sudo iptables -I INPUT 5 -m state --state NEW -p tcp --dport 80 -j ACCEPT

Now our rule gets inserted at line 5, and everything works. Based on this knowledge, our Puppet script now looks like this (using two execs):



The first exec fires the command only if it does not detect a port 80 entry (using the unless attribute). The unless attribute runs a grep over the output of the iptables-save command and checks whether it contains a port 80 entry. The iptables-save command allows us to see the current iptables rule configuration in a parseable format.

The second exec fires the service iptables save command to save the configuration to disk. This command needs to be fired only if the first exec actually makes an entry. Hence we specify the notify attribute in the first exec and mark the second exec with refreshonly => true, so that it is executed only as part of the notify process and not otherwise.
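
A manifest matching the two execs described above, as an added example rather than the author's original script. The resource titles, the path value, the shell provider and the grep pattern are assumptions; it also assumes Puppet runs as root, so the commands carry no sudo.

```puppet
# Added example, not the author's original manifest.
# Assumed names: 'open-port-80' and 'save-iptables' are illustrative titles.

# Insert the ACCEPT rule at position 5 of the INPUT chain, the line where the
# listing above shows the REJECT rule.
exec { 'open-port-80':
  command  => 'iptables -I INPUT 5 -m state --state NEW -p tcp --dport 80 -j ACCEPT',
  path     => ['/sbin', '/bin', '/usr/sbin', '/usr/bin'],
  provider => shell,   # the unless check below uses a pipe
  # Skip the insert when the running ruleset already accepts port 80, so
  # repeated Puppet runs do not stack duplicate rules.
  unless   => "iptables-save | grep -q -- '--dport 80 -j ACCEPT'",
  notify   => Exec['save-iptables'],
}

# Persist the running rules so they survive a restart of the iptables service.
# refreshonly => true means this runs only when notified by the exec above.
exec { 'save-iptables':
  command     => 'service iptables save',
  path        => ['/sbin', '/bin', '/usr/sbin', '/usr/bin'],
  refreshonly => true,
}
```

Position 5 is specific to the default ruleset shown above: check `iptables -L INPUT -n --line-numbers` on the target host first, because if the REJECT rule sits at an earlier line the inserted rule lands after it and never matches.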

That's it! You should be good to go now! You can do the same thing if you also want to make an entry for port 443 (SSL) or anything similar.


