@dcarley
Created November 14, 2011 09:52
puppetlabs-firewall duplicate resources
[root@fw0 ~]# iptables -F
[root@fw0 ~]# cat test.pp
firewall {
"500 http":
dport => 80,
action => "accept";
"500 https":
dport => 443,
action => "accept";
}
resources { "firewall":
purge => true,
}
[root@fw0 ~]# puppet apply --modulepath /vagrant/puppet/modules test.pp
notice: /Firewall[500 https]/ensure: created
notice: /Firewall[500 http]/ensure: created
notice: Finished catalog run in 0.17 seconds
[root@fw0 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports http /* 500 http */
ACCEPT tcp -- anywhere anywhere multiport dports https /* 500 https */
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@fw0 ~]# /sbin/iptables -I INPUT -t filter -p tcp -m multiport --dports 8080 -m comment --comment "500 http" -j ACCEPT
[root@fw0 ~]# puppet apply --modulepath /vagrant/puppet/modules test.pp
warning: Firewall 500 http found in both iptables and iptables; skipping the iptables version
notice: Finished catalog run in 0.07 seconds
[root@fw0 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere multiport dports webcache /* 500 http */
ACCEPT tcp -- anywhere anywhere multiport dports http /* 500 http */
ACCEPT tcp -- anywhere anywhere multiport dports https /* 500 https */
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
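The session above shows the gap: once a second rule carries the comment "500 http", puppetlabs-firewall warns, skips it, and `resources { "firewall": purge => true }` never removes the rogue 8080 rule. The following audit script is an added example (not part of the gist and not puppetlabs-firewall code): it parses `iptables-save` style output, groups rules by their comment name, and reports rules that collide with a managed name but open different ports than the manifest declares. The sample input is constructed to mirror the final state in the session, and the `MANAGED` map is hand-copied from test.pp.

```python
import re
from collections import defaultdict

# Constructed sample of `iptables-save` output mirroring the gist's final
# state: a rogue 8080 rule was inserted with the same comment as "500 http".
SAMPLE_IPTABLES_SAVE = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m multiport --dports 8080 -m comment --comment "500 http" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80 -m comment --comment "500 http" -j ACCEPT
-A INPUT -p tcp -m multiport --dports 443 -m comment --comment "500 https" -j ACCEPT
COMMIT
"""

# What test.pp declares (rule name -> dports), copied by hand from the manifest.
MANAGED = {"500 http": "80", "500 https": "443"}

RULE_RE = re.compile(r'^-A (?P<chain>\S+) (?P<spec>.*) -j (?P<target>\S+)$')
COMMENT_RE = re.compile(r'-m comment --comment "((?:[^"\\]|\\.)*)"')
DPORTS_RE = re.compile(r'--dports? (\S+)')


def parse_rules(text):
    """Parse `-A` lines from iptables-save output into dicts.

    Only the fields needed for the audit (chain, comment, dports, target)
    are extracted; everything else stays in 'raw' for reporting."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # table headers, chain policies, COMMIT
        spec = m.group("spec")
        c = COMMENT_RE.search(spec)
        d = DPORTS_RE.search(spec)
        rules.append({
            "chain": m.group("chain"),
            "comment": c.group(1) if c else None,
            "dports": d.group(1) if d else None,
            "target": m.group("target"),
            "raw": line,
        })
    return rules


def duplicate_names(rules):
    """Comment names that appear on more than one rule.

    puppetlabs-firewall keys rules by this name, so any duplicate is a rule
    it will warn about and skip rather than manage or purge."""
    counts = defaultdict(int)
    for r in rules:
        if r["comment"] is not None:
            counts[r["comment"]] += 1
    return sorted(name for name, n in counts.items() if n > 1)


def find_shadowed(rules, managed):
    """Rules sharing a managed name whose dports differ from the manifest.

    These are the rules left behind by `purge => true`: they hide under a
    managed name, so the provider never sees them as unmanaged."""
    shadowed = []
    dupes = set(duplicate_names(rules))
    for r in rules:
        name = r["comment"]
        if name in dupes and name in managed and r["dports"] != managed[name]:
            shadowed.append(r)
    return shadowed


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_IPTABLES_SAVE)
    print("duplicate names:", duplicate_names(parsed))
    for r in find_shadowed(parsed, MANAGED):
        print("shadowed rule (will not be purged):", r["raw"])
```

On a real host the same check runs over `iptables-save` output instead of the constructed sample; any non-empty result means a rule is hiding behind a managed name and has to be removed by hand or given a distinct name before Puppet can account for it.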