How to open port 80 on box managed with Puppet

puppet, puppetmaster

I have a Puppet master virtual machine that manages almost 20 nodes. I have Nagios installed on one of these nodes, and in order for the Nagios GUI to work I would need to stop iptables on that Nagios box. The problem is that whenever Puppet runs it starts the iptables service back up.
I've tried adding a service in the nagios module's server.pp file like this, which didn't work. It says that the iptables service is already defined and cannot be a duplicate:

service { 'iptables':
  ensure => stopped,
}

Also, I've tried using an exec command

# Puppet already runs as root, so no sudo is needed inside the exec.
# Note: "-I INPUT 14" fails if the INPUT chain has fewer than 13 rules.
exec { 'open-port-80':
  command => 'iptables -I INPUT 14 -m state --state NEW -p tcp --dport 80 -j ACCEPT',
  path    => $os_path,
  # Only insert the rule if no ACCEPT rule for tcp/80 is already in INPUT.
  unless  => 'iptables-save | grep -E -q -- "^-A INPUT .*--dport 80 .*-j ACCEPT"',
  notify  => Exec['ip-tables-save'],
}

# Persist the rule set, but only when the rule above was actually inserted.
exec { 'ip-tables-save':
  command     => 'service iptables save',
  path        => $os_path,
  refreshonly => true,
}

Also tried the code below but had no luck:

if defined('iptables') and defined(Class['iptables']) {
  iptables::add_tcp_stateful_listen { 'nagios-core':
    client_nets => '[nagios node IP address here]/32',
    dports      => '80',
  }
}

Can someone please help me with that?

Thanks in advance

Best Answer

Instead of turning off iptables completely, I'd recommend using the Puppetlabs Firewall module to manage firewalls/iptables:

$ puppet module install puppetlabs-firewall

Then you can write some Puppet such as this:

# The leading number in the title sets the rule's position in the chain,
# so there is no need to hard-code an index like "-I INPUT 14".
firewall { '100 Allow http and https access':
  dport  => [80, 443],   # "port" is deprecated in puppetlabs-firewall; use dport
  proto  => 'tcp',
  action => 'accept',
}
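To show how that single rule fits into a whole managed rule set, here is an added example (not code from the original answer or from the puppetlabs-firewall project) of a complete node firewall built with the module. It follows the pre/post ordering pattern from the module's documentation, purges rules Puppet does not manage, lets the module's own `firewall` class own the iptables service, and opens port 80 only from the networks that need the Nagios GUI. The class names `profile::firewall`, `profile::firewall::pre` and `profile::firewall::post`, and the `192.0.2.0/24` client network, are assumptions for illustration; the `each` loop needs Puppet 4 or later.

```puppet
# Added example, not part of the original answer. Names and networks below
# are assumed for illustration; adjust them for your site.

# Rules that must come before anything else: loopback, established traffic,
# ICMP and SSH, so a Puppet run can never lock you out of the box.
class profile::firewall::pre {
  Firewall {
    require => undef,   # break the require-on-pre chain for the pre rules themselves
  }

  firewall { '000 accept all loopback':
    proto   => 'all',
    iniface => 'lo',
    action  => 'accept',
  }
  firewall { '001 accept related established':
    proto  => 'all',
    state  => ['RELATED', 'ESTABLISHED'],
    action => 'accept',
  }
  firewall { '002 accept icmp':
    proto  => 'icmp',
    action => 'accept',
  }
  firewall { '003 accept ssh':
    dport  => 22,
    proto  => 'tcp',
    action => 'accept',
  }
}

# The catch-all at the end: anything not explicitly allowed is dropped.
class profile::firewall::post {
  firewall { '999 drop all':
    proto  => 'all',
    action => 'drop',
    before => undef,   # nothing is ordered after the final drop
  }
}

class profile::firewall (
  # Assumed client network(s) for the Nagios GUI; a /32 per host also works.
  Array[String] $nagios_clients = ['192.0.2.0/24'],
) {
  # The module's own class manages the iptables package and service, so
  # do not declare service { 'iptables': } anywhere else or you get the
  # "already defined" duplicate error from the question.
  class { 'firewall':
    ensure => running,
  }

  # Remove any rule Puppet does not manage, so hand-edited or leftover
  # rules cannot silently widen the policy.
  resources { 'firewall':
    purge => true,
  }

  # Every firewall resource declared elsewhere lands between pre and post.
  Firewall {
    require => Class['profile::firewall::pre'],
    before  => Class['profile::firewall::post'],
  }

  class { ['profile::firewall::pre', 'profile::firewall::post']: }

  # Nagios web GUI: tcp/80, but only from the listed client networks,
  # rather than opening it to the world.
  $nagios_clients.each |String $net| {
    firewall { "100 allow nagios gui from ${net}":
      dport  => 80,
      proto  => 'tcp',
      source => $net,
      action => 'accept',
    }
  }
}
```

Include `profile::firewall` on the Nagios node (and, with the port-80 rule dropped, on the other nodes) so every box gets the same baseline. Because the module persists the rule set on RHEL-family hosts itself, the `service iptables save` exec from the question is no longer needed, and the earlier `-I INPUT 14` index problem disappears because ordering comes from the numeric prefix in each rule title.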