So far, we concentrated on using a single firewall utility class. While this is useful for site or organization wide rules, it quickly becomes unwieldy to manage if there are specific exceptions for given hosts or applications. As such, there must be a better way to manage firewall rules close to the applications we're installing via Puppet.

This section will also serve to introduce another common pattern that is being applied in the Puppet world. This is the roles and profiles pattern.

The concept of the roles and profiles pattern is that we have utility modules. These modules are responsible for being generic enough to configure an underlying system. Consider modules to configure Apache or Samba. These modules ...