Linux Server Wrangler (Middle-Weight Class) /w touch of DevOps. Ex-Projectionist, Geek, Android Abuser & Gravely Gay! ;) Opinions noted here are mine, all mine!

Puppet: IP, Netmask & Broadcast

Working on a firewall configuration, I was trying to update the settings to provide more dynamic support for preventing logging of broadcast address traffic. Although facter gives you the IP address and netmask of an interface, it doesn’t give the broadcast address.

In the end I used a built-in module for Ruby – IPAddr – which allows you to do IP manipulation (very easily in fact):

<% require 'ipaddr'
   interfaces.split(',').each do |interface|
     if has_variable?("ipaddress_#{interface}")
       address = IPAddr.new(
         "#{scope.lookupvar("ipaddress_#{interface}")}/" + \
         "#{scope.lookupvar("netmask_#{interface}")}"
       ).to_range.last.to_s -%>
-A INPUTLOG -i <%= interface -%> -d <%= address -%> -j DROP
<%   end
   end -%>

This code takes all the interfaces listed by facter and, for each one that has an IP address associated with it, builds an IPAddr object. Getting a range object from that (.to_range), then the last object in that range (.last), finally gives me the broadcast IP address (.to_s or .to_string is all that’s needed to turn it into a string here).
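The same IPAddr calculation as a stand-alone Ruby script (an added example, not code from the original post). The interface facts are constructed sample values and broadcast_for / inputlog_rules are hypothetical helper names. It also skips /31 and /32 interfaces, where the last address in the range is a host address rather than a broadcast, so a DROP rule there would keep traffic to a real host out of the log.

```ruby
require 'ipaddr'

# Constructed sample data standing in for facter's ipaddress_<if> and
# netmask_<if> facts; interface names and addresses are made up.
SAMPLE_FACTS = {
  'eth0'   => { ip: '192.168.10.37', netmask: '255.255.255.0' },
  'eth1'   => { ip: '10.20.33.7',    netmask: '255.255.252.0' },
  'tun0'   => { ip: '172.16.0.1',    netmask: '255.255.255.255' }, # /32 host
  'ptp0'   => { ip: '198.51.100.2',  netmask: '255.255.255.254' }, # /31 link
  'dummy0' => { ip: nil,             netmask: nil }                # no address
}.freeze

# Returns the broadcast address as a string, or nil when the interface has
# no address or the prefix is too small to have a broadcast (/31, /32).
def broadcast_for(ip, netmask)
  return nil if ip.nil? || netmask.nil?

  # IPAddr masks off the host bits, so this object is the network address.
  range = IPAddr.new("#{ip}/#{netmask}").to_range

  # Fewer than three addresses: the "last" address is a usable host address.
  return nil if range.last.to_i - range.first.to_i < 2

  range.last.to_s
end

# Builds one rule line per interface that really has a broadcast address,
# in the same format the template writes.
def inputlog_rules(facts)
  facts.map do |iface, fact|
    bcast = broadcast_for(fact[:ip], fact[:netmask])
    "-A INPUTLOG -i #{iface} -d #{bcast} -j DROP" if bcast
  end.compact
end

puts inputlog_rules(SAMPLE_FACTS)
```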

Another problem was referencing a variable whose name is itself variable: scope.lookupvar('name') is the key here, where name is the constructed name of the variable you’re looking for.



This article (Puppet: IP, Netmask & Broadcast) was listed under SysAdmin.
