example42 / puppet-iptables

Iptables Puppet Module (for host based firewalling)
http://www.example42.com

some new features #23

Closed DavidS closed 11 years ago

Freeaqingme commented 11 years ago

Maybe it would be neater to collect a set of best-practice rules and put each rule in its own class (encapsulating iptables::rule) and store them in their own folder iptables/rules/? That way a user could define for him/herself what rules they'd want to add, as well as the order of the rules. It's tempting to add a whole bunch of defaults, but at the same time it does break stuff, and we can't even cover 80% of all use cases with a bunch of if-cases I think, because there simply are too many permutations.

alvagante commented 11 years ago

I've mixed feelings about this module now... there are some things that definitely can be added, and there are PRs for that, but keeping backwards compatibility (which here is particularly critical) is becoming more and more a mess. Maybe we should start to design the module from scratch (version 3? without params_lookup) so that we are more free to make a sane thing from the beginning.

alvagante commented 11 years ago

Also for this case I'd apply what has been stated in https://github.com/example42/puppet-icinga/pull/29: Feature freeze for nextgen modules, let's do new fancy stuff on 3.x modules without backward compatibility legacies.

Freeaqingme commented 11 years ago

I've incorporated this PR in the devel branch of this module. Propose to therefore close this issue. /cc @example42

alvagante commented 11 years ago

+1