Appendix B. Configuring Firewalls on Other Platforms

This appendix covers how to enable incoming TCP connections to services provided by Puppet on platforms other than CentOS/RHEL 7.

IP Tables

If you are using an older operating system that comes with the IP tables firewall (such as CentOS 6 or Debian), you may need to invoke the iptables command directly. For example, the command shown here must be run on a Puppet server to allow incoming connections from clients:

[vagrant@puppetserver ~]$ sudo iptables -A INPUT -p tcp --dport 8140 -j ACCEPT
[vagrant@puppetserver ~]$ sudo /sbin/service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]

For the Puppet Dashboard, you’ll need to enable two ports:

[vagrant@dashserver ~]$ sudo iptables -A INPUT -p tcp -m multiport --dports 443,3000 -j ACCEPT
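
On a host whose INPUT chain already ends in a catch-all REJECT or DROP rule, a rule appended with -A lands after it and never matches. The following added example (not from the book) is a shell function that reads `iptables -S INPUT` output and reports whether the ACCEPT rule for a port is effective, shadowed, or missing; the function name `port_rule_state` and the sample rule set are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Reads `iptables -S INPUT` output on stdin and prints whether
# the ACCEPT rule for TCP port $1 is "effective", "shadowed" (it sits after a
# catch-all REJECT/DROP rule) or "missing".
port_rule_state() {
  awk -v port="$1" '
    # Does this rule accept the port via --dport or multiport --dports?
    function accepts(line,    m, n, i, list, r) {
      if (line !~ /-p tcp/ || line !~ /-j ACCEPT/) return 0
      if (!match(line, /--dports? [0-9,:]+/)) return 0
      m = substr(line, RSTART, RLENGTH); sub(/^--dports? /, "", m)
      n = split(m, list, ",")
      for (i = 1; i <= n; i++) {
        if (split(list[i], r, ":") == 2) {          # range such as 3000:3010
          if (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0) return 1
        } else if (list[i] == port) return 1
      }
      return 0
    }
    # A rule with no match criteria that rejects or drops everything.
    /^-A INPUT -j (REJECT|DROP)( |$)/ { blocked = 1; next }
    /^-A INPUT / && accepts($0) {
      print (blocked ? "shadowed" : "effective"); found = 1; exit
    }
    END { if (!found) print "missing" }
  '
}

# Constructed sample: a CentOS 6 style INPUT chain after running
# `iptables -A INPUT -p tcp --dport 8140 -j ACCEPT`.
SAMPLE_APPENDED='-P INPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m tcp --dport 8140 -j ACCEPT'

for p in 22 8140 443; do
  printf '%s: %s\n' "$p" "$(printf '%s\n' "$SAMPLE_APPENDED" | port_rule_state "$p")"
done
```

On a live host, pipe `sudo iptables -S INPUT` into the function. A "shadowed" result means the rule needs to be inserted ahead of the catch-all (for example with `iptables -I INPUT`) instead of appended.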

Uncomplicated Firewall

Ubuntu comes standard with the Uncomplicated Firewall (UFW). You can uninstall this, and install firewalld to use the commands shown in this book:

$ sudo apt-get remove ufw
$ sudo apt-get install firewalld

Or you can utilize the following commands with UFW on a Puppet server:

[vagrant@puppetserver ~]$ sudo ufw allow 8140/tcp
[vagrant@puppetserver ~]$ sudo ufw status numbered

For Puppet Dashboard, you’ll need to enable three ports:

[vagrant@puppetserver ~]$ sudo ufw allow 443/tcp
[vagrant@puppetserver ~]$ sudo ufw allow 3000/tcp
[vagrant@puppetserver ~]$ sudo ufw status numbered
