From b46e8953f40a62d2f194226a7f92cfe8c615c33b Mon Sep 17 00:00:00 2001 From: clairecadman Date: Wed, 30 Jan 2019 14:40:43 +0000 Subject: [PATCH] (DOC-3056) Remove mention of rules ordering Remove any reference that suggests the ordering number used for rules isn't restricted to the section the rule is in. This is misleading and can lead to mis-configured firewall rules. See https://tickets.puppetlabs.com/browse/DOC-3056 for more information. --- README.markdown | 6 ------ 1 file changed, 6 deletions(-) diff --git a/README.markdown b/README.markdown index be53353..dc83bc0 100644 --- a/README.markdown +++ b/README.markdown @@ -62,12 +62,6 @@ The code in this section does the following: * The 'require' parameter in `firewall {}` ensures `my_fw::pre` is run before any other rules. * In the `my_fw::post` class declaration, the 'before' parameter ensures `my_fw::post` is run after any other rules. -Therefore, the run order is: - -* The rules in `my_fw::pre` -* Your rules (defined in code) -* The rules in `my_fw::post` - The rules in the `pre` and `post` classes are fairly general. These two classes ensure that you retain connectivity and that you drop unmatched packets appropriately. The rules you define in your manifests are likely to be specific to the applications you run. 1. Add the `pre` class to `my_fw/manifests/pre.pp`, and any default rules to your pre.pp file first — in the order you want them to run. -- 2.45.2
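Review bot: The two unchanged bullets directly above the deleted list still state that `my_fw::pre` is run before any other rules and that `my_fw::post` is run after any other rules, so the README keeps asserting the same run order that the removed "Therefore, the run order is:" list only summarised. If that ordering claim is what leads to mis-configured firewall rules, reword those bullets as well, or replace the list with one sentence stating what does determine the order, rather than only deleting the summary. The commit message is about the ordering number used for rules, but none of the six removed lines mention a number; a short sentence in this section saying how that number is scoped would address DOC-3056 more directly than the deletion does. The following context line ("in the order you want them to run") also still implies an ordering guarantee and should be checked against the same concern.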