cookbook 'firehol', '~> 0.4.0', :supermarket
firehol (2) Versions 0.4.0 Follow0
Installs/Configures firehol
cookbook 'firehol', '~> 0.4.0'
knife cookbook site install firehol
knife cookbook site download firehol
chef firehol cookbook
Inspired by official firewall cookbook.
Requirements
- Chef 12.5+
- Ubuntu 16.04
Usage
Firewall resource is mandatory (currently name is ignored):
firewall "firehol" do
version 6
end
At least one interface should be added:
firewall_interface "world" do
interface "any" # system network interface
end
Rules can be added as described:
firewall_rule "allow outgoing connections" do
command "accept"
interface "world"
service "all"
type "client"
end
Custom services can be added with server ports as string:
firewall_service "mosh" do
server_ports "udp/60000:61000"
end
Or hash:
firewall_service "minidlna" do
server_ports tcp: %w(1900 8200),
udp: %w(1900 5353 8200)
end
Routers can be created as shown:
secondary_interface =
node[:network][:interfaces].keys.find { |interface| !["lo", node[:network][:default_interface]].include? interface }
firewall_router "home2internet" do
inface secondary_interface
outface node[:network][:default_interface]
masquerade true
end
firewall_router "internet2home" do
inface node[:network][:default_interface]
outface secondary_interface
reverse_masquerade true
end
firewall_rule "home2internet ssh" do
command "accept"
interface "home2internet"
service "ssh"
type "client"
end
firewall_rule "home2internet route" do
command "accept"
interface "home2internet"
service "all"
type "route"
end
firewall_rule "internet2home all" do
command "accept"
interface "internet2home"
service "all"
type "client"
end
firewall_rule "internet2home reject ident" do
command "reject with tcp-reset"
interface "internet2home"
service "ident"
type "route"
end
In result firehol.conf will be generated:
# File generated by Chef, all changes will be overwritten
FIREHOL_LOG_MODE="LOG"
FIREHOL_LOG_LEVEL="crit"
version 6
client_mosh_ports="default"
server_mosh_ports="udp/60000:61000"
client_minidlna_ports="default"
server_minidlna_ports="tcp/1900 tcp/8200 udp/1900 udp/5353 udp/8200"
interface any world
server ssh accept # accept ssh connections
client all accept # allow outgoing connections
router home2internet inface enp0s8 outface enp0s3
masquerade
client ssh accept # home2internet ssh
route all accept # home2internet route
router internet2home inface enp0s3 outface enp0s8
masquerade reverse
client all accept # internet2home all
route ident reject with tcp-reset # internet2home reject ident
Testing
$ bundle install
$ guard
[1] guard(main)> all
$ kitchen verify
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
firehol CHANGELOG
0.4.0
- [Szymon Szypulski] - Rewrite all resources to support why_run.
- [Szymon Szypulski] - Ensure resources are converged only when firewall configuration changes.
- [Szymon Szypulski] - Suppress iptables logs.
0.3.1
- [Szymon Szypulski] - Ensure firehol is restarted after firhol.conf is built.
0.3.0
- [Szymon Szypulski] - Support for basic router.
- [Szymon Szypulski] - Fix firehol service startup.
- [Szymon Szypulski] - Permit incoming ssh traffic.
0.2.0
- [Szymon Szypulski] - Support for custom services.
0.1.0
- [Szymon Szypulski] - Initial release of chef-firehol.
- [Szymon Szypulski] - Basic firewall, rule and interface implementation.
Collaborator Number Metric
0.4.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.4.0 failed this metric
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_interface.rb:2
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_router.rb:2
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_rule.rb:2
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_service.rb:2
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
License Metric
0.4.0 failed this metric
firehol does not have a valid open source license.
Acceptable licenses include Apache-2.0, apachev2, Apache 2.0, MIT, mit, GPL-2.0, gplv2, GNU Public License 2.0, GPL-3.0, gplv3, GNU Public License 3.0.
No Binaries Metric
0.4.0 passed this metric
Publish Metric
0.4.0 passed this metric
Supported Platforms Metric
0.4.0 passed this metric
Testing File Metric
0.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.4.0 passed this metric
0.4.0 failed this metric
0.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.4.0 failed this metric
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_interface.rb:2
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_router.rb:2
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_rule.rb:2
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_service.rb:2
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
License Metric
0.4.0 failed this metric
firehol does not have a valid open source license.
Acceptable licenses include Apache-2.0, apachev2, Apache 2.0, MIT, mit, GPL-2.0, gplv2, GNU Public License 2.0, GPL-3.0, gplv3, GNU Public License 3.0.
No Binaries Metric
0.4.0 passed this metric
Publish Metric
0.4.0 passed this metric
Supported Platforms Metric
0.4.0 passed this metric
Testing File Metric
0.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.4.0 passed this metric
0.4.0 failed this metric
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_router.rb:2
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_rule.rb:2
FC057: Library provider does not declare use_inline_resources: firehol/libraries/provider_firewall_service.rb:2
Run with Foodcritic Version 11.1.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
0.4.0 failed this metric
firehol does not have a valid open source license.
Acceptable licenses include Apache-2.0, apachev2, Apache 2.0, MIT, mit, GPL-2.0, gplv2, GNU Public License 2.0, GPL-3.0, gplv3, GNU Public License 3.0.
No Binaries Metric
0.4.0 passed this metric
Publish Metric
0.4.0 passed this metric
Supported Platforms Metric
0.4.0 passed this metric
Testing File Metric
0.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.4.0 passed this metric
0.4.0 passed this metric
0.4.0 passed this metric
Supported Platforms Metric
0.4.0 passed this metric
Testing File Metric
0.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.4.0 passed this metric
0.4.0 passed this metric
0.4.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.4.0 passed this metric
0.4.0 passed this metric
