cookbook 'cerberus', '= 0.2.0'
Installs/Configures Cerberus firewall manager for Windows 2003 and 2008
cookbook 'cerberus', '= 0.2.0', :supermarket
knife supermarket install cerberus
knife supermarket download cerberus
Description
Installs/Configures Cerberus firewall manager for Windows 2003. The key thought behind Cerberus' modus operandi is simple: define the permitted ports and protocols in one data bag and the permitted IP addresses / ranges in another. Any IP address in the ip_permit data bag has access to every declared port; access is not scoped per address.
Requirements
Windows 2003 or 2008, a data bag to hold permitted IP addresses, and a data bag to hold protocol details. Also requires the twitter cookbook to tweet service status changes; this dependency can be broken and removed easily.
Attributes
The Windows 2003 version uses a few attributes to point at the "inf" file used for rule deployment; however, the vast majority of the information is stored inside data bags.
Usage
Create two data bags. Add the permitted IPs to the first and the permitted ports to the second, as follows:
ip_permit (sample item below)
{
  "name": "data_bag_item_ip_permit_www",
  "raw_data": {
    "netmask": "/32",
    "comment": "example host description here",
    "fqdn": "www.smashrun.com",
    "ipaddress": "192.168.0.110",
    "id": "www",
    "owner": "Joe User"
  },
  "json_class": "Chef::DataBagItem",
  "data_bag": "ip_permit",
  "chef_type": "data_bag_item"
}
firewall_rules (sample item below)
{
  "name": "data_bag_item_firewall_rules_3389",
  "raw_data": {
    "name": "rdp",
    "protocol": "tcp",
    "id": "3389",
    "permit": "enabled",
    "description": "Remote Desktop (tcp 3389)"
  },
  "json_class": "Chef::DataBagItem",
  "data_bag": "firewall_rules",
  "chef_type": "data_bag_item"
}
Then add the cookbook to the runlist and watch it go!
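Because every address in ip_permit reaches every enabled port, it helps to review the combined result before uploading the data bags. The following is an added example, not code from the cookbook: it validates constructed items shaped like the raw_data above and expands them into the effective allow list. The function names, the MIN_PREFIX threshold, and the treatment of any "permit" value other than "enabled" as closed are assumptions.

```ruby
require 'ipaddr'

# Constructed sample items, shaped like the raw_data of the two data bags.
IP_PERMIT = [
  { 'id' => 'www', 'ipaddress' => '192.168.0.110', 'netmask' => '/32', 'owner' => 'Joe User' },
  { 'id' => 'office', 'ipaddress' => '10.0.0.0', 'netmask' => '/8', 'owner' => '' },
  { 'id' => 'typo', 'ipaddress' => '192.168.0.300', 'netmask' => '/32', 'owner' => 'Joe User' }
].freeze
FIREWALL_RULES = [
  { 'id' => '3389', 'name' => 'rdp', 'protocol' => 'tcp', 'permit' => 'enabled' },
  { 'id' => '80', 'name' => 'http', 'protocol' => 'tcp', 'permit' => 'enabled' },
  { 'id' => '161', 'name' => 'snmp', 'protocol' => 'udp', 'permit' => 'disabled' }
].freeze
MIN_PREFIX = 24 # hypothetical review threshold: flag IPv4 ranges broader than /24

# Returns [valid CIDR strings, findings] for ip_permit items.
def audit_sources(items, min_prefix = MIN_PREFIX)
  sources, findings = [], []
  items.each do |item|
    cidr = "#{item['ipaddress']}#{item['netmask']}"
    begin
      net = IPAddr.new(cidr)
    rescue IPAddr::Error
      findings << "#{item['id']}: invalid address #{cidr}"
      next
    end
    findings << "#{item['id']}: #{cidr} is broader than /#{min_prefix}" if net.prefix < min_prefix
    findings << "#{item['id']}: no owner recorded" if item['owner'].to_s.strip.empty?
    sources << cidr
  end
  [sources, findings]
end

# Assumption: only permit == "enabled" opens a port; malformed entries are dropped.
def enabled_ports(items)
  items.select { |i| i['permit'] == 'enabled' && %w[tcp udp].include?(i['protocol']) }
       .map { |i| [i['protocol'], i['id'].to_i] }
       .select { |_, port| (1..65_535).cover?(port) }
end

# Every permitted source reaches every enabled port: the full cross product.
def effective_rules(sources, ports)
  sources.product(ports).map { |src, (proto, port)| "#{src} -> #{proto}/#{port}" }
end

sources, findings = audit_sources(IP_PERMIT)
puts findings
puts effective_rules(sources, enabled_ports(FIREWALL_RULES))
```

In the sample, adding the office range also opens RDP to all of 10.0.0.0/8, which is the kind of side effect this flat model produces.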