One of the most important security tasks on any system is to protect it from network-based attacks.
Ensuring that your system only listens on expected ports and controls access to services at the network level is a tedious, repetitive process. What if services could automatically open the necessary firewall rules? What if the systems running a cluster application could learn about one another and open access to just the other nodes?
With Puppet, all of this is possible, and we'll cover some of these cases in this chapter. The topics are:
Basic information in the firewall module
The firewall type
The firewall chain type
Pre and post rules—what they are and how they're used
Adding firewall rules to your own modules in an extensible way
Let's get rolling with our first topic!