cookbook 'chz-firewall', '= 0.2.2'
chz-firewall (6) Versions 0.2.2 Follow0
Installs/Configures firewalls
cookbook 'chz-firewall', '= 0.2.2', :supermarket
knife supermarket install chz-firewall
knife supermarket download chz-firewall
Description
Firewall cookbook for Windows and GNU/Linux applications, developed at Cheezburger Inc.
License
New BSD License
Requirements
Windows, Ubuntu, or RHEL based
Attributes
['chz-firewall']['version'] Integer, if changed firewall will reload on windows.
Linux firewall is dynamic with attribute changes
['chz-firewall']['whitelist'] Array of IPs to whitelist
['chz-firewall']['blacklist'] Array of IPs to blacklist
['chz-firewall']['enable_ping'] Boolean, to allow incoming ping
['chz-firewall']['tcp_in'] Array of ports to open
['chz-firewall']['tcp_out'] Same
['chz-firewall']['udp_in'] Same
['chz-firewall']['udp_out'] Same
['chz-firewall']['firewall_type'] Iptables or windows autodetected, csf (http://configserver.com/cp/csf.html) partial support
['chz-firewall']['whitelist_interfaces'] = [ "lo" ]
['chz-firewall']['enable_vrrp'] Boolean, to enable vrrp (for keepalived to work)
['chz-firewall']['default_deny_in'] Boolean, drops unmatched traffic in if true
['chz-firewall']['default_deny_out'] Boolean, drops unmatched traffic out if true
['chz-firewall']['allow_established'] Boolean, allows established connections if true
Usage
Use default recipe for default rules with iptables or windows firewall.
Use attribute overrides to change settings.
Create databag 'chz-firewall' to optionally store whitelist and blacklist ip addresses with metadata. Example below:
{
"id": "office_ip_1",
"type": "whitelist",
"ip": "1.2.3.4",
"desc": "Generic ISP office IP"
}
Use type blacklist to create a blacklist item.
Notes
Not all attributes are yet supported by all types of firewalls. Vrrp and interface whitelist do not work in windows.
Tested on Ubuntu 12.04, Windows 2012 and 2008r2.
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Foodcritic Metric
0.2.2 failed this metric
FC002: Avoid string interpolation where not required: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:32
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:1
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:2
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/windows.rb:1
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/windows.rb:2
FC023: Prefer conditional attributes: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:13
FC023: Prefer conditional attributes: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/windows.rb:175
FC024: Consider adding platform equivalents: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:49
FC037: Invalid notification action: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:50
FC041: Execute resource used to run curl or wget commands: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/install-csf.rb:15
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:8
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:16
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:24
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:32
0.2.2 failed this metric
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:1
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:2
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/windows.rb:1
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/windows.rb:2
FC023: Prefer conditional attributes: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:13
FC023: Prefer conditional attributes: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/windows.rb:175
FC024: Consider adding platform equivalents: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:49
FC037: Invalid notification action: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:50
FC041: Execute resource used to run curl or wget commands: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/install-csf.rb:15
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:8
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:16
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:24
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:32