Managing firewalls with iptables

"Programming can be fun, so can cryptography; however they should not be combined."—Kreitzberg and Shneiderman

The programming language C has been described as a 'write-only' language; it's so terse and efficient that it can be difficult to understand even code that you've written yourself. The same might be said of iptables, the Linux kernel's built-in packet filtering firewall. Raw iptables rules look something like this:

iptables -A INPUT -d 10.0.2.15/32 -p tcp -m tcp --dport 80 -j ACCEPT 

Unless you derive a sense of machismo from mastering apparently meaningless strings of line noise, which admittedly is an occupational disease of UNIX sysadmins, it would be nice to be able to express firewall rules in a more ...
