Is it possible to include a parameterized class in all nodes, but override the parameters in some cases?
Currently we use puppet to manage iptables.
We pull in a list of all the IPs of all our servers from puppetdb, using the puppetdb-query module, and then dump them into an iptables config which is pushed out to all of our servers. This way, all of our servers can talk to all of our other servers, but block connections from other computers on the same network. (We are using a public cloud solution, so this is necessary.)
Additionally, the iptables class is parameterized to allow the opening of specific ports publicly, e.g. http, https, and whatever else we ...
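As an added example that is not part of the question above, here is one way to structure the iptables class the poster describes so that every node includes it while Hiera's automatic parameter lookup overrides the public ports for selected nodes. It assumes Puppet 4+ syntax, the puppetlabs/firewall module (its `action` parameter) and the `query_nodes` function from the dalen/puppetdbquery module; the hostnames, fact name and port values are constructed.

```puppet
# Added example: a parameterized iptables profile included on every node.
# Assumes puppetlabs/firewall and dalen/puppetdbquery are installed.
class profile::iptables (
  # Ports open to the whole internet; empty by default, overridden in Hiera.
  Array[Integer] $public_ports   = [],
  # PuppetDB query selecting "our" servers: every node that has this class.
  String         $internal_query = 'Class[profile::iptables]',
) {
  # query_nodes (dalen/puppetdbquery) returns the requested fact for each
  # node matching the query; 'ipaddress' is the assumed fact name.
  $internal_ips = query_nodes($internal_query, 'ipaddress')

  firewall { '000 accept established':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }

  # Allow all traffic from servers we manage, regardless of port.
  $internal_ips.each |String $ip| {
    firewall { "100 allow internal ${ip}":
      source => $ip,
      proto  => 'all',
      action => 'accept',
    }
  }

  # Allow the explicitly published ports from anywhere.
  $public_ports.each |Integer $port| {
    firewall { "200 allow public tcp ${port}":
      dport  => $port,
      proto  => 'tcp',
      action => 'accept',
    }
  }

  # Everything else on the shared network segment is dropped.
  firewall { '999 drop everything else':
    proto  => 'all',
    action => 'drop',
  }
}

# site.pp: every node gets the class with the defaults above.
#   node default { include profile::iptables }
#
# Hiera (constructed example): the same key, resolved per node, supplies the
# override without touching the manifest.
#   common.yaml:                   profile::iptables::public_ports: []
#   nodes/web01.example.com.yaml:  profile::iptables::public_ports: [80, 443]
```

Because the parameter is looked up from Hiera at catalog compile time, a node with no override keeps the closed default, so the include can stay unconditional in the node definition.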