example
We want to make the following firewall rule to be applyable to different network interfaces (for e.g. different environments) with just one variable:
firewall { "010-reject-port":
ensure => present,
dport => [ 80 ],
destination => $::ipaddress_eth0,
proto => 'tcp',
action => 'drop',
iniface => 'eth0',
}
We can create a $firewall_interface variable and apply it to iniface but how can we ensure that the correct ipaddress factof the corresponding interface is used for destination?
Solution:
Use getvar from the
puppetlabs stdlib
Show archive.org snapshot
:
$firewall_interface = 'eth0'
firewall { "010-reject-port":
ensure => present,
dport => [ 80 ],
destination => getvar("::ipaddress_${firewall_interface}"),
proto => 'tcp',
action => 'drop',
iniface => $firewall_interface,
}
