looking for advice on firewall configuration via puppet
I'm trying to bring some sanity to the network environment I work in (long story). We have hundreds on linux hosts without any centralized management or control of configuration. I want to use puppet to manage firewall configurations as an initial starting point, I realize I could use individual node definitions to apply a policy to each host but that isn't much better than what we're doing already.
Has anyone dealt with this issue before or do you have suggestions on how I might group systems together to apply a specific firewall policy e.g. internet facing, web server, e-mail server, etc. ?
I've just deployed Satellite 6.1 so I'd like to integrate puppet into it.