We will change the default configuration for the iptables module from "false" to "true". For any hosts that don't otherwise declare it, iptables will then switch on and become managed by Puppet using the default configuration.

We'll make this change on Monday 23rd September.

If you wish to disable the Puppet management of iptables for your hostgroup, please edit the hostgroup parameters in Foreman and set:

   writefirewall = false

Use Foreman -> Host -> YAML to check the value for an example host in your hostgroup to tell you if it is already managed. For convenience:

   https://judy.cern.ch/hosts/aiadm024.cern.ch/externalNodes?name=aiadm024....

substituting your hostname in both places.