how do you like to do it 
I've been asked by a friend to help with his small fleet; he's got 15-20 nodes that he wants to get iptables rules set up. They're all bare metal and with a bunch of hosting providerss so he doesn't have much in the way of orchestration. He does have scripts tho' and they're all members of a simple Puppet setup.
My goto for this sort of thing used to be fwbuilder* but because it's unsupported I'm also looking elsewhere... and not liking what I see. He has Puppet as I said so looked at things like puppetlabs-firewall but that all just feels both clunky and wrong (depending on exported resources for a firewall rule.... no). Googling turns up folks solving this with Ansible but given he has no Ansible that seems to me to be worse than the Puppet solution:- swapping a clunky DSL for yaml and then all the boilerplate for Ansible to boot. I see there's a SaaS offering called fwcloud which is great but that's presumably $$. I found dog which would be promising but architecturally seems oddly complex. I'm just astonished that noone has a solution that's fully open, or my Googling is crap. Can Foreman do such a thing? what am I missing?
*fwbuilder was great for this because it had failsafes for script roll-out but way way more importantly had a really slick object model and supported dependencies and would (re)generate rules on the fly, check them for issues and deploy them to the target(s) affected. Sadly it became abandomware I think in 2013, forked/copied to github in 2017 and whilst the github folks are keeping the buidls running and it's still in Ubuntu that was 6 years and things have moved on... I'd actually given up on it because on my 22.04 box it would segfault but on this 23.04 it doesn't. Either way, doesn't bode well; and that there isn't a successor is worse!
I've been asked by a friend to help with his small fleet; he's got 15-20 nodes that he wants to get iptables rules set up. They're all bare metal and with a bunch of hosting providerss so he doesn't have much in the way of orchestration. He does have scripts tho' and they're all members of a simple Puppet setup.
My goto for this sort of thing used to be fwbuilder* but because it's unsupported I'm also looking elsewhere... and not liking what I see. He has Puppet as I said so looked at things like puppetlabs-firewall but that all just feels both clunky and wrong (depending on exported resources for a firewall rule.... no). Googling turns up folks solving this with Ansible but given he has no Ansible that seems to me to be worse than the Puppet solution:- swapping a clunky DSL for yaml and then all the boilerplate for Ansible to boot. I see there's a SaaS offering called fwcloud which is great but that's presumably $$. I found dog which would be promising but architecturally seems oddly complex. I'm just astonished that noone has a solution that's fully open, or my Googling is crap. Can Foreman do such a thing? what am I missing?
*fwbuilder was great for this because it had failsafes for script roll-out but way way more importantly had a really slick object model and supported dependencies and would (re)generate rules on the fly, check them for issues and deploy them to the target(s) affected. Sadly it became abandomware I think in 2013, forked/copied to github in 2017 and whilst the github folks are keeping the buidls running and it's still in Ubuntu that was 6 years and things have moved on... I'd actually given up on it because on my 22.04 box it would segfault but on this 23.04 it doesn't. Either way, doesn't bode well; and that there isn't a successor is worse!