Learning Puppet 4 by Jo Rhett

Appendix B. Configuring Firewalls on Other Platforms

This appendix covers how to enable incoming TCP connections to services provided by Puppet on platforms other than CentOS/RHEL 7.

IP Tables

If you are using an older operating system that comes with the IP tables firewall (such as CentOS 6 or Debian), you may need to invoke the iptables command directly. For example, the command shown here must be run on a Puppet server to allow incoming connections from clients:

[vagrant@puppetserver ~]$ sudo iptables -A INPUT -p tcp --dport 8140 -j ACCEPT
[vagrant@puppetserver ~]$ sudo /sbin/service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

For the Puppet Dashboard, you’ll need to enable two ports:

[vagrant@dashserver ~]$ sudo iptables -A INPUT -p tcp -m multiport --dports 443,3000 -j ACCEPT
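
When the INPUT chain already ends in a catch-all REJECT or DROP rule, a rule added with -A lands after it and never matches, even though the command succeeds. The following added example (not from the book; the function name check_port and both sample rulesets are constructed for illustration) reads iptables-save output and reports whether the ACCEPT rule for a port is reachable or shadowed.

```shell
# check_port PORT: read iptables-save output on stdin and print whether a tcp
# ACCEPT rule for PORT in INPUT is "reachable", "shadowed" by an earlier
# catch-all REJECT/DROP, or "missing". Other matches (-s, -i, state) and
# chain policies are not evaluated.
check_port() {
    awk -v port="$1" '
        # True when a --dport/--dports value (list and a:b ranges) covers p.
        function covers(spec, p,    n, parts, r, i) {
            n = split(spec, parts, ",")
            for (i = 1; i <= n; i++) {
                if (split(parts[i], r, ":") == 2) {
                    if (p + 0 >= r[1] + 0 && p + 0 <= r[2] + 0) return 1
                } else if (parts[i] + 0 == p + 0) return 1
            }
            return 0
        }
        $1 == "-A" && $2 == "INPUT" {
            # A rule with no match conditions and a REJECT/DROP target ends the chain.
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { blocked = 1; next }
            proto = ""; spec = ""; target = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-p") proto = $(i + 1)
                if ($i == "--dport" || $i == "--dports") spec = $(i + 1)
                if ($i == "-j") target = $(i + 1)
            }
            if (proto == "tcp" && target == "ACCEPT" && covers(spec, port)) {
                print (blocked ? "shadowed" : "reachable"); found = 1; exit
            }
        }
        END { if (!found) print "missing" }
    '
}

# Constructed sample: the ACCEPT for 8140 was appended after the catch-all REJECT.
APPENDED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8140 -j ACCEPT
COMMIT'
# Constructed sample: the dashboard ports sit ahead of the REJECT.
INSERTED='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m multiport --dports 443,3000 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'
printf '%s\n' "$APPENDED" | check_port 8140
printf '%s\n' "$INSERTED" | check_port 3000
```

On a live host, feed it the running ruleset with `sudo iptables-save | check_port 8140`. A "shadowed" result means the rule has to be inserted ahead of the catch-all (for example with `iptables -I INPUT`) rather than appended.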

Uncomplicated Firewall

Ubuntu comes standard with the Uncomplicated Firewall (UFW). You can uninstall this, and install firewalld to use the commands shown in this book:

$ sudo apt-get remove ufw
$ sudo apt-get install firewalld

Or you can utilize the following commands with UFW on a Puppet server:

[vagrant@puppetserver ~]$ sudo ufw allow 8140/tcp
[vagrant@puppetserver ~]$ sudo ufw status numbered

For Puppet Dashboard, you’ll need to enable three ports:

[vagrant@puppetserver ~]$ sudo ufw allow 443/tcp
[vagrant@puppetserver ~]$ sudo ufw allow 3000/tcp
[vagrant@puppetserver ~]$ sudo ufw status numbered
