
chz-firewall (6) Versions 0.2.2

Installs/Configures firewalls

Policyfile:
    cookbook 'chz-firewall', '= 0.2.2', :supermarket

Berkshelf:
    cookbook 'chz-firewall', '= 0.2.2'

Knife:
    knife supermarket install chz-firewall
    knife supermarket download chz-firewall
Quality 0%

Description

Firewall cookbook for Windows and GNU/Linux applications, developed at Cheezburger Inc.

License

New BSD License

Requirements

Windows, Ubuntu, or RHEL based

Attributes

['chz-firewall']['version'] Integer; if changed, the firewall reloads on Windows.
The Linux firewall is dynamic with attribute changes.
['chz-firewall']['whitelist'] Array of IPs to whitelist
['chz-firewall']['blacklist'] Array of IPs to blacklist
['chz-firewall']['enable_ping'] Boolean, to allow incoming ping
['chz-firewall']['tcp_in'] Array of ports to open
['chz-firewall']['tcp_out'] Same
['chz-firewall']['udp_in'] Same
['chz-firewall']['udp_out'] Same
['chz-firewall']['firewall_type'] iptables or windows, autodetected; csf (http://configserver.com/cp/csf.html) has partial support
['chz-firewall']['whitelist_interfaces'] = [ "lo" ]
['chz-firewall']['enable_vrrp'] Boolean, to enable VRRP (for keepalived to work)
['chz-firewall']['default_deny_in'] Boolean, drops unmatched traffic in if true
['chz-firewall']['default_deny_out'] Boolean, drops unmatched traffic out if true
['chz-firewall']['allow_established'] Boolean, allows established connections if true

Usage

Use the default recipe for default rules with iptables or the Windows firewall.
Use attribute overrides to change settings.
Create a data bag 'chz-firewall' to optionally store whitelist and blacklist IP addresses with metadata. Example below:

{
  "id": "office_ip_1",
  "type": "whitelist",
  "ip": "1.2.3.4",
  "desc": "Generic ISP office IP"
}

Use type blacklist to create a blacklist item.
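
A pre-upload check for items in this data bag format, as an added example that is not part of the cookbook or its README. The helper names check_item and partition_items, the sample items, and the MIN_V4_PREFIX threshold are assumptions made here; how the cookbook itself validates items is not documented on this page.

```ruby
require 'ipaddr'
require 'json'

# Constructed sample items in the README's data bag format (not real data).
SAMPLE_ITEMS = [
  '{"id":"office_ip_1","type":"whitelist","ip":"1.2.3.4","desc":"Generic ISP office IP"}',
  '{"id":"scanner_1","type":"blacklist","ip":"203.0.113.7","desc":"Constructed"}',
  '{"id":"typo_1","type":"whitelst","ip":"198.51.100.9","desc":"Misspelled type"}',
  '{"id":"bad_ip_1","type":"whitelist","ip":"1.2.3.400","desc":"Invalid octet"}',
  '{"id":"too_wide_1","type":"whitelist","ip":"0.0.0.0/0","desc":"Matches everything"}'
].freeze

VALID_TYPES = %w[whitelist blacklist].freeze
MIN_V4_PREFIX = 24 # assumption: broadest IPv4 network a site accepts; tune locally

# Hypothetical helper: returns [parsed_item, error]; error is nil when the item is usable.
def check_item(raw)
  item = JSON.parse(raw)
  return [nil, 'not a JSON object'] unless item.is_a?(Hash)
  missing = %w[id type ip] - item.keys
  return [item, "missing keys: #{missing.join(', ')}"] unless missing.empty?
  return [item, "unknown type #{item['type'].inspect}"] unless VALID_TYPES.include?(item['type'])
  addr = IPAddr.new(item['ip']) # raises on malformed addresses
  if addr.ipv4? && addr.prefix < MIN_V4_PREFIX
    return [item, "/#{addr.prefix} is broader than /#{MIN_V4_PREFIX}"]
  end
  [item, nil]
rescue JSON::ParserError
  [nil, 'invalid JSON']
rescue IPAddr::Error
  [item, "invalid ip #{item['ip'].inspect}"]
end

# Hypothetical helper: splits items into address lists plus [id, reason] rejections.
def partition_items(raw_items)
  out = { 'whitelist' => [], 'blacklist' => [], 'rejected' => [] }
  raw_items.each do |raw|
    item, error = check_item(raw)
    if error
      out['rejected'] << [item && item['id'], error]
    else
      out[item['type']] << item['ip']
    end
  end
  out
end

if __FILE__ == $PROGRAM_NAME
  partition_items(SAMPLE_ITEMS).each { |kind, entries| puts "#{kind}: #{entries.inspect}" }
end
```

A misspelled type or an over-broad network is rejected here rather than silently dropped or applied, which matters most for whitelist entries.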

Notes

Not all attributes are yet supported by all types of firewalls. VRRP and the interface whitelist do not work on Windows.
Tested on Ubuntu 12.04, Windows 2012 and 2008r2.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Foodcritic Metric
            

0.2.2 failed this metric

FC002: Avoid string interpolation where not required: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:32
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:1
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:2
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/windows.rb:1
FC003: Check whether you are running with chef server before using server-specific features: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/windows.rb:2
FC023: Prefer conditional attributes: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:13
FC023: Prefer conditional attributes: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/windows.rb:175
FC024: Consider adding platform equivalents: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:49
FC037: Invalid notification action: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/iptables.rb:50
FC041: Execute resource used to run curl or wget commands: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/install-csf.rb:15
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:8
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:16
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:24
FC043: Prefer new notification syntax: /tmp/cook/d3a441ad2b985253ba07e84e/chz-firewall/recipes/csf.rb:32