We want to make the following firewall rule applicable to different network interfaces (e.g. for different environments) with just one variable:

firewall { "010-reject-port":
  ensure      => present,
  dport       => [ 80 ],
  destination => $::ipaddress_eth0,
  proto       => 'tcp',
  action      => 'drop',
  iniface     => 'eth0',
}

We can create a $firewall_interface variable and apply it to iniface, but how can we ensure that the correct ipaddress fact of the corresponding interface is used for destination?


Use getvar from the puppetlabs stdlib:

$firewall_interface = 'eth0'

firewall { "010-reject-port":
  ensure      => present,
  dport       => [ 80 ],
  destination => getvar("::ipaddress_${firewall_interface}"),
  proto       => 'tcp',
  action      => 'drop',
  iniface     => $firewall_interface,
}
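
As an added example (not code from the post above): getvar returns undef when no fact exists for the chosen interface, and Puppet treats an undef attribute as unset, so the rule would then be managed with no destination match at all. This variant fails the catalog instead; it assumes Facter 3+ structured facts and a puppetlabs-stdlib release that ships the Stdlib::IP::Address::V4::Nosubnet type.

```puppet
# Added example. $firewall_interface and the rule title are taken from the
# post; everything else is an illustration.
$firewall_interface = 'eth0'

# Legacy flat fact, looked up as in the answer. Returns undef if the
# variable does not exist (for example a mistyped interface name).
$legacy_ip = getvar("::ipaddress_${firewall_interface}")

# Structured fact: networking.interfaces.<name>.ip
# dig() returns undef when any key along the path is missing.
$structured_ip = $facts.dig('networking', 'interfaces', $firewall_interface, 'ip')

# Prefer the structured fact, fall back to the legacy one.
$destination_ip = $structured_ip ? {
  undef   => $legacy_ip,
  default => $structured_ip,
}

if $destination_ip =~ Stdlib::IP::Address::V4::Nosubnet {
  firewall { '010-reject-port':
    ensure      => present,
    dport       => [ 80 ],
    destination => $destination_ip,
    proto       => 'tcp',
    action      => 'drop',
    iniface     => $firewall_interface,
  }
} else {
  # Stop the run rather than manage the rule without a destination.
  fail("No IPv4 address fact for interface '${firewall_interface}' on ${trusted['certname']}; not managing 010-reject-port")
}
```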
