diff -r a2342f26c9de -r b0b56e0f8c7f dev/provisioning/modules/puppi/files/scripts/firewall.sh
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/dev/provisioning/modules/puppi/files/scripts/firewall.sh Fri Jan 15 15:35:00 2016 +0100
@@ -0,0 +1,63 @@
+#!/bin/bash
+# firewall.sh - Made for Puppi
+
+# Sources common header for Puppi scripts
+. $(dirname $0)/header || exit 10
+
+# Show help
+showhelp () {
+ echo "This script places a temporary firewall (iptables) rule to block access from the IP defined"
+ echo "It has the following options:"
+ echo "\$1 (Required) - Remote Ip address to block (Generally a load balancer"
+ echo "\$2 (Required) - Local port to block (0 for all ports"
+ echo "\$3 (Required) - Set on or off to insert or remove the blocking rule"
+ echo "\$4 (Required) - Number of seconds to sleep after having set the rule"
+ echo
+ echo "Examples:"
+ echo "firewall.sh 10.42.0.1 0 on"
+ echo "firewall.sh 10.42.0.1 0 off"
+}
+
+# Check arguments
+if [ $2 ] ; then
+ ip=$1
+ port=$2
+else
+ showhelp
+ exit 2
+fi
+
+if [ $3 ] ; then
+ if [ "$3" = "on" ] ; then
+ action="-I"
+ elif [ "$3" = "off" ] ; then
+ action="-D"
+ else
+ showhelp
+ exit 2
+ fi
+else
+ showhelp
+ exit 2
+fi
+
+if [ $4 ] ; then
+ delay=$4
+else
+ delay="1"
+fi
+
+# Block
+run_iptables () {
+ if [ "$port" = "0" ] ; then
+ iptables $action INPUT -s $ip -j DROP
+ else
+ iptables $action INPUT -s $ip -p tcp --dport $port -j DROP
+ fi
+}
+
+run_iptables
+echo "Sleeping for $delay seconds"
+sleep $delay
+
+# Sooner or later this script will have multiOS support
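Review bot: The two `iptables` calls in `run_iptables` expand `$action`, `$ip` and `$port` unquoted, and the argument checks only test that `$2`, `$3` and `$4` are non-empty, so a value containing whitespace is word-split into additional iptables arguments in a script that presumably runs as root. The exit status of `iptables` is also discarded, so a rejected insert or a delete of a rule that does not exist still prints the "Sleeping for" message and exits 0, leaving the calling deployment step to assume the source is blocked. I would quote every expansion, refuse a non-numeric port before the rule is built, and exit non-zero when `run_iptables` fails, as sketched below. Separately, the help text marks `$4` as required although the code defaults it to 1, and both examples omit it.

```shell
# … unchanged: header sourcing, showhelp, argument parsing …

# Port must be a plain number before it reaches iptables
case "$port" in
    ''|*[!0-9]*) showhelp ; exit 2 ;;
esac

run_iptables () {
    if [ "$port" = "0" ] ; then
        iptables "$action" INPUT -s "$ip" -j DROP
    else
        iptables "$action" INPUT -s "$ip" -p tcp --dport "$port" -j DROP
    fi
}

run_iptables || exit 1
# … unchanged: "Sleeping for" message …
sleep "$delay"
```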