I would like to manage the firewall from the command line or with files VIA puppet, however this peice of software seems pretty complicated compared to the other distributions and generic iptables commands / configurations we push out.
Can anyone please advise of how to control this VIA the CLI / config file that is more straight forward?
Assuming this is for a headless server, are you aware of the ability to run YAST from the command line? IMHO a much better way than editing a firewall’s config files by hand.
Login as a user, invoke
You are correct, they are headless servers. We do not have a GUI installed, and primarily use yast in the manner you specified. I am looking to manage the firewall w/ puppetlabs product, puppet. However, I cannot find a clear cut way to manage this from it’s configuration file. The only other option I can think of is to use IPtables directly…
On Mon April 25 2011 03:06 pm, austingsmith wrote:
>
> Thank you for the warm welcome!
>
> You are correct, they are headless servers. We do not have a GUI
> installed, and primarily use yast in the manner you specified. I am
> looking to manage the firewall w/ puppetlabs product, puppet. However,
> I cannot find a clear cut way to manage this from it’s configuration
> file. The only other option I can think of is to use IPtables
> directly…
>
> Any thoughts?
> Thanks,
> Austin
>
>
Austin;
Have you tried the ncurses version of YaST suggested by Knurpht. Either of
the following commands launch YaST from the CLI.
YaST
or
yast
Either of these launch YaST but you need to su to root first. Note: “YAST”
will not be recognized. You navigate from the keyboard. Tabs, Arrow Keys and
ALT <key> sequences. It is fairly transparent how to navigate once
launched.
–
P. V.
“We’re all in this together, I’m pulling for you.” Red Green
You want to use Puppet instead of Yast, right ? If I understand you right, the only way is to disable the firewall in Yast and start a new configuration from scratch in Puppet (if it is able to).
You will obviously have to tweak some config to start the firewall during init.
As far as I can see, puppet is a system for configuration management (kind of + more).
Do you want to use it to distribute the firewall configuration to several machines in your infrastructure?