Freeaqingme
commented
11 years ago This PR at least doesn't create extra resources. The include statement merely ensures a correct evaluation order.
I'm not sure where there'd be so many created? I think the only difference is that there's now a resource for each chain and table. That is, assuming you invoke firewall::rule directly, and don't proxy it all through the firewall type. Would be interesting to see the results of your tests though ;)
All of this is a wonderful work... I'm just a bit concerned about the huge number of resources that are generated... should make some test based on real figures, but the impression seeing the puppetruns is that when you start to have several rules on a system the amount of related resources grows like hell...