Exclude dynamically modules from agent run
I've got our puppet master for our ubuntu clients running - and it works great at this point! But now our users need a client script, which allows them to communicate through our puppet-controlled firewall. Now it's getting harder: i need now a method to exclude our firewall scripts from the puppet run. Actual state: the client script runs, disables any firewall settings and after 30m puppet does his work and reset the firewall to our wished state.
I researched some possibilities: I defined a custom fact, but now I would have to check this fact at every single module, which I would don't want to do at this point. The other point would be, that I run puppet in noop mode or disable it via script. But all other modules except the firewall-modules should run.
Thanks for reply and help!