Summary
docs/_openvox_8x/quick_start_firewall.markdown teaches the legacy puppetlabs-firewall (iptables) module. The community-preferred module is now puppetlabs-nftables (per Voxpupuli guidance — bastelfreak in #voxpupuli Slack, 2026-06-02: "preferred is the nftables module", recommended over both firewall and firewalld). The guide should be modernized to use nftables and to reflect current profile-organization practice.
Module: switch to nftables
- Replace the puppet module install puppetlabs-firewall walkthrough and the my_fw::pre / my_fw::post / firewall {} / resources { 'firewall': purge => true } examples (lines 32–171) with equivalent guidance using the puppet-nftables module and its resources.
- Update the "Other resources" / Forge links (lines 36, 193–195) from forge.puppetlabs.com/puppetlabs/firewall to the nftables module on the current Forge (forge.puppet.com).
- The iptables --list verification steps (lines 157–189) need to become nft list ruleset (or equivalent) output.
Profile organization guidance
Add/incorporate the roles-and-profiles guidance from the same thread: app-specific firewall rules belong in the app's own profile (e.g. profile::foo_server), declaring a defined resource that adds the needed rule — not lumped into a shared profile::firewall class or a per-app profile::firewall::foo_server. A general firewall profile (included by profile::base) manages the baseline; each app profile contributes its own ports. This pairs well with designing_advanced_profiles.md and roles_and_profiles_example.md — consider cross-linking.
Stale references
- Dead/legacy links: [downloads] → puppetlabs.com/puppet/puppet-open-source (line 7, unused), puppetlabs.com/learn and the "Puppet workshop"/certification pitch (lines 203–205) — drop or replace with OpenVox-relevant resources.
- Module paths reference /etc/puppetlabs/code/environments/... and /etc/puppetlabs/puppet/environments/... inconsistently (lines 44–47 vs 60, 75) — normalize.
Out of scope
- Broken internal-link sweeps for the openvox collection (handled separately if/when that collection is audited).
- Nav changes — the page keeps its slot in _data/nav/.
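
A sketch of the profile layout described under "Profile organization guidance", added here as an illustration and not taken from the guide or the thread. It assumes the puppet-nftables module's nftables class and its nftables::rule defined type (rule titles prefixed with the chain name, here default_in); role::foo_server, the $listen_port parameter and port 8443 are constructed for the example.

```puppet
# Baseline firewall profile: the only place that declares the nftables class.
# Assumption: the module's defaults provide the default_in chain used below.
class profile::firewall {
  include nftables
}

# Every node gets the baseline through profile::base.
class profile::base {
  include profile::firewall
}

# The app profile owns its own port. There is no profile::firewall::foo_server
# and no app-specific rule inside profile::firewall.
class profile::foo_server (
  Integer[1, 65535] $listen_port = 8443,  # constructed example port
) {
  # ... package, config and service resources for foo_server go here ...

  # One defined resource contributes the rule to the baseline input chain.
  nftables::rule { 'default_in-foo_server':
    content => "tcp dport ${listen_port} accept",
  }
}

# Hypothetical role tying the two together.
class role::foo_server {
  include profile::base
  include profile::foo_server
}
```

Removing profile::foo_server from a role removes its rule with it, so an opened port always traces back to the profile that needs it.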