cookbook 'firewalld', '= 0.3.0', :supermarket
cookbook 'firewalld', '= 0.3.0'
knife supermarket install firewalld
knife supermarket download firewalld
firewalld provides a LWRP for adding ports and rich rules to, and removing them from, your firewall.
<table>
  <tr>
    <th>Attribute</th> <th>Description</th> <th>Example</th> <th>Default</th>
  </tr>
  <tr>
    <td>port</td> <td>(name attribute) the port to manage</td> <td>993/tcp</td> <td></td>
  </tr>
  <tr>
    <td>zone</td> <td><code>firewalld</code> zone to add or remove the port from</td> <td>public</td> <td>(none, uses default zone)</td>
  </tr>
</table>
Default action adds a port to the firewall:
This will allow access to TCP port 993 in the default zone.
Adds the port to the zone. If zone is omitted, the default zone is used.

firewalld_port '993/tcp' do
  action :add
  zone 'public'
end
Removes the port from the zone. If zone is omitted, the default zone is used.

firewalld_port '993/tcp' do
  action :remove
  zone 'public'
end
rich_rule allows you to create complex rules directly on the firewall. It loads the rule into the running config and also passes it to firewalld with the --permanent flag, so that it persists across a reload.

# This opens the ssh service to ip `192.168.100.5` and logs at a rate of 1 entry
# per minute with a prefix of ssh on each log entry.
#
firewalld_rich_rule "ssh_add" do
  zone 'public'
  family 'ipv4'
  source_address '192.168.100.5/32'
  service_name 'ssh'
  log_prefix 'ssh'
  log_level 'info'
  limit_value '1/m'
  firewall_action 'accept'
  action :add
end
The parameters of the rich_rule resource map directly to their command-line flags.
More can be read here: Complex Firewall Rules with Rich Language
- name - The name of the resource. This is not passed to the
- service_name - Name of the service defined by
- family - IP family. Choice of 'ipv4' or 'ipv6'. Default: 'ipv4'
- zone - Predefined zone into which a network interface is placed.
- source_address - Limits the origin of a connection attempt to a specific range of IPs.
- destination_address - Limits the target of a connection attempt to a specific range of IPs.
- port_number - Can be a single integer or a port range, for example 5060-5062. The protocol can be specified. Depends on
- port_protocol - The protocol for the specified port, can be 'tcp' or 'udp'. Depends on the port_number parameter and defaults to 'tcp'.
- log_prefix - Logs new connection attempts with kernel logging. This will prepend the log lines with this prefix.
- log_level - Can be one of 'emerg', 'alert', 'error', 'warning', 'notice', 'info', or 'debug'.
- limit_value - Limits the rate at which logs are written. Defaults to "1/m", one write per minute.
- firewall_action - Can be one of 'accept', 'reject', or 'drop'. This is the behavior by which all traffic that matches the rule will be handled.
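The following is an added example, not code from the firewalld cookbook, showing how the rich_rule parameters listed above compose into the rich-rule string and the two firewall-cmd calls (runtime, then --permanent) that the text describes; the helper names build_rich_rule and firewall_cmd_lines are hypothetical, and the enum checks reject values outside the documented choices before anything reaches the firewall.

```ruby
# Added example (not the cookbook's provider code): builds the firewalld rich
# rule string that the firewalld_rich_rule parameters map onto, plus the two
# firewall-cmd invocations (runtime, then --permanent) the README describes.
# Attribute names follow the resource documented on this page; the helper
# names (build_rich_rule, firewall_cmd_lines) are hypothetical.

LOG_LEVELS = %w[emerg alert error warning notice info debug].freeze
ACTIONS    = %w[accept reject drop].freeze
FAMILIES   = %w[ipv4 ipv6].freeze
PROTOCOLS  = %w[tcp udp].freeze

# Compose the rich-rule text. Each parameter appears only when set, mirroring
# the documented "maps directly to its command-line flag" behaviour.
def build_rich_rule(family: 'ipv4', source_address: nil, destination_address: nil,
                    service_name: nil, port_number: nil, port_protocol: 'tcp',
                    log_prefix: nil, log_level: nil, limit_value: '1/m',
                    firewall_action: 'accept')
  raise ArgumentError, "bad family #{family}" unless FAMILIES.include?(family)
  raise ArgumentError, "bad action #{firewall_action}" unless ACTIONS.include?(firewall_action)
  raise ArgumentError, "bad protocol #{port_protocol}" unless PROTOCOLS.include?(port_protocol)
  raise ArgumentError, "bad log_level #{log_level}" if log_level && !LOG_LEVELS.include?(log_level)

  parts = ["rule family=\"#{family}\""]
  parts << "source address=\"#{source_address}\"" if source_address
  parts << "destination address=\"#{destination_address}\"" if destination_address
  parts << "service name=\"#{service_name}\"" if service_name
  # port_protocol only matters when a port_number is given (defaults to tcp).
  parts << "port port=\"#{port_number}\" protocol=\"#{port_protocol}\"" if port_number
  if log_prefix || log_level
    log = ['log']
    log << "prefix=\"#{log_prefix}\"" if log_prefix
    log << "level=\"#{log_level}\"" if log_level
    log << "limit value=\"#{limit_value}\"" if limit_value
    parts << log.join(' ')
  end
  parts << firewall_action
  parts.join(' ')
end

# Runtime change first, then the same rule with --permanent so it survives a reload.
def firewall_cmd_lines(rule, zone: nil, remove: false)
  flag = remove ? '--remove-rich-rule' : '--add-rich-rule'
  zone_opt = zone ? "--zone=#{zone} " : ''
  ["firewall-cmd #{zone_opt}#{flag}='#{rule}'",
   "firewall-cmd --permanent #{zone_opt}#{flag}='#{rule}'"]
end

if __FILE__ == $PROGRAM_NAME
  rule = build_rich_rule(source_address: '192.168.100.5/32', service_name: 'ssh',
                         log_prefix: 'ssh', log_level: 'info', limit_value: '1/m')
  puts firewall_cmd_lines(rule, zone: 'public')
end
```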
If you're using Berkshelf, just add firewalld to your
cookbook 'firewalld', git: 'https://github.com/jhh/firewalld-cookbook.git'
# metadata.rb
depends 'firewalld'
- Fork the project
- Create a feature branch corresponding to your change
- Commit and test thoroughly
- Create a Pull Request on GitHub
License & Authors
Copyright 2015, Jeff Hutchison

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
This cookbook has no specified dependencies.
Add Rich Rule LWRP documentation to README. [Manny Toledo]
ChefSpec test added for Rich Rule LWRP. [Manny Toledo]
Integration tests added for Rich Rule LWRP. [Manny Toledo]
Add rules directly with Rich Rule LWRP! [Manny Toledo]
Correct IPs in tests to more common ranges. [Manny Toledo]
Update readme. [Manny Toledo]
Add missing defaults in resource file and clean up comment. [Manny Toledo]
Better README and send email for Travis. [Jeff Hutchison]
Update ruby version. [Jeff Hutchison]
Add chefspec custom matchers, other cleanup. [Jeff Hutchison]
Need berkshelf for chefspec tests in Travis. [Jeff Hutchison]
Add chefspec tests. [Jeff Hutchison]
Exclude dependencies not used by Travis. [Jeff Hutchison]
Enable Travis CI. [Jeff Hutchison]
Clean up syntax. [Jeff Hutchison]
Use bundler. [Jeff Hutchison]
Add more tests. [Jeff Hutchison]
Removed attributes not recognized by Berkshelf. [Jeff Hutchison]
Add issues url. [Jeff Hutchison]
Bump version. [Jeff Hutchison]
Update README. [Jeff Hutchison]
Update license to Apache v2. [Jeff Hutchison]
First version with tests. [Jeff Hutchison]
0.3.0 failed this metric
FC002: Avoid string interpolation where not required: /tmp/cook/f44b87035b2d2384c51caaff/firewalld/providers/rich_rule.rb:43