Wheezy Puppetmaster

Jurjen Bokma

November 2012

Table of Contents

Securing the Puppet Master

You may want to start firewalling early a machine that is going to be given control over an entire network. OTOH, an enabled firewall may hamper experiments.

Details of firewalling the Puppetmaster are outside the scope of this document. I use Shorewall, and open ports 443, 8140, 8081 and 22 to traffic from selected hosts and ranges.