puppet firewall and puppet agent -t, does the firewall go "down" (empty) for a bit?
When using the puppetlabs firewall module in puppet 3, as an agent node does a "puppet agent -t", does the firewall actually open up for a split second? Will the normal batch checks on the agents also have this behavior for a config change that really doesn't involve the firewall? I'd like it if the when a new (regular) rule (for example) to open up a port was merely done and added in rather than any kind of "purge" or "stop" of any kind. Maybe it doesn't "purge" anything or "stop" anything. I guess I need some assurance of how the module works. Any details anywhere? Not talking about using the module, but what happens underneath the covers.