Managing firewalls with iptables

"Programming can be fun, so can cryptography; however they should not be combined."—Kreitzberg and Shneiderman

The programming language C has been described as a 'write-only' language; it's so terse and efficient that it can be difficult to understand even code that you've written yourself. The same might be said of iptables, the Linux kernel's built-in packet filtering firewall. Raw iptables rules look something like this:

iptables -A INPUT -d <destination-address> -p tcp -m tcp --dport 80 -j ACCEPT

Unless you derive a sense of machismo from mastering apparently meaningless strings of line noise, which admittedly is an occupational disease of UNIX sysadmins, it would be nice to be able to express firewall rules in a more ...
