# voxpupuli
- d
Dr Bunsen Honeydew
05/22/2023, 4:27 PMSee the
module at https://forge.puppet.com/puppetlabs/firewall?src=slack&channel=voxpupulipuppetlabs-firewall - l
Lumiere
05/22/2023, 4:27 PMand I have no idea why (1.9.0) - s
Shaik Ishak
05/22/2023, 4:30 PMHi Team, we are using this module for puppet-Splunk, in module where we need to give our Splunk details and like heavy forwarder details? https://github.com/voxpupuli/puppet-splunk - t
tskirvin
05/22/2023, 4:45 PMEL9? RedHat wants everybody to use firewalld. It pretty much works but man, the hoops to jump through… - b
bastelfreak
05/22/2023, 4:45 PMone of the worst pieces of software - b
bastelfreak
05/22/2023, 4:46 PMbut it supports nftables as backend - b
bastelfreak
05/22/2023, 4:46 PM(and you can use nftables directly if you like) - t
tskirvin
05/22/2023, 4:46 PMHonestly firewalld itself is fine so far, but the fact that the core philosophy behind firewalld is so much more complicated makes it harder to deploy. - t
tskirvin
05/22/2023, 4:47 PMThere’s way too many ways to do it. - v
VoxBot
05/22/2023, 4:47 PMLumiere, ran into similar issues with other modules. i cant recommend enough to write a little monitoring script to monitor latest releases for all puppet forge based modules :P - t
tskirvin
05/22/2023, 4:47 PM(And I’ve got an open firewalld-puppet-module bug that’s holding us back from basic rule purging: https://github.com/voxpupuli/puppet-firewalld/issues/338) - b
bastelfreak
05/22/2023, 4:48 PM - b
bastelfreak
05/22/2023, 4:48 PMour rake tasks to detect outdated/migrated puppet modules 🙂 - l
Lumiere
05/22/2023, 4:48 PMthe problem is, we don't use a straight puppetfile - s
Slackbot
05/22/2023, 4:48 PMThis message was deleted.bl- 3
- 8
- v
VoxBot
05/22/2023, 4:49 PMok that makes it a little more complex - l
Lumiere
05/22/2023, 4:49 PMwe actually tried at one point to contribute it back iirc - v
VoxBot
05/22/2023, 4:49 PM@bastelfreak, thanks for the rake task, will have a look into it. the less i have to maintain manually the better - b
bastelfreak
05/22/2023, 4:50 PM@tskirvin I'm afraid you will probably have to fix it yourself. But I will happily review your PRs - b
bastelfreak
05/22/2023, 4:51 PMSince I don't use firewalld and all customers moved away from it, I won't have the time to fix open issues - t
tskirvin
05/22/2023, 4:51 PMHonestly I don’t even know where to start. That particular bug seems really bad, like core assumptions are broken and I don’t grok the whole module so I can’t fix it. - v
VoxBot
05/22/2023, 6:00 PMbastelfreak: had you seen https://community.theforeman.org/t/automatically-install-arch-linux/33590 already? - v
VoxBot
05/22/2023, 6:00 PMoh neat - v
VoxBot
05/22/2023, 6:00 PMno I haven't - v
VoxBot
05/22/2023, 7:41 PMEven redhat says to use nftables over firewalld for anything other than a desktop https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/securing_networks/getting-started-with-nftables_securing-networks - v
VoxBot
05/22/2023, 7:42 PM\o/ - v
VoxBot
05/22/2023, 7:43 PMyeah everybody should use puppet/nftables - d
Dr Bunsen Honeydew
05/22/2023, 7:43 PMSee the
module at https://forge.puppet.com/puppet/nftables?src=slack&channel=voxpupulipuppet-nftables - v
VoxBot
05/22/2023, 7:43 PMCERN approved! - v
VoxBot
05/22/2023, 7:43 PM(also please stop using puppetlabs/firewall: https://github.com/puppetlabs/puppetlabs-firewall/issues/1100)