iptables-services (5) Versions 2.1.0

Install/Configure iptables-services on linux nodes

Berkshelf/Librarian:

    cookbook 'iptables-services', '= 2.1.0'

Policyfile:

    cookbook 'iptables-services', '= 2.1.0', :supermarket

Knife:

    knife cookbook site install iptables-services
    knife cookbook site download iptables-services
Quality 56%

Iptables Services

Description

Install and configure iptables-services, an easy and clear way to manage the iptables firewall with a save/restore feature.

It also ensures that the configured rules are effectively the ones iptables uses: any rule added directly to a configured chain is removed, and any removed rule is re-added. Rules are saved and restored on restart.

Requirements

Cookbooks and gems

Declared in metadata.rb and in Gemfile.

Platforms

  • RHEL Family 7, tested on CentOS

It should work on other systemd platforms by configuring attributes such as the package name.

Complete support and tests will come if requested.

Usage

Setup

Add recipe[iptables-services] in your run-list to install iptables-services using the official distribution package.

By default, rules are saved on stop and restored when the ip(6)tables service starts. No chain configuration is enforced by default.

IPv4 and IPv6 are both activated by default.

Configure a chain

Configure node['iptables-services'][ip(6)tables]['tables'][table][chain]. Read attributes/default.rb for more details and look at an example in test/integration/roles/iptables-services-kitchen.json.

Once a chain has been configured, this cookbook will ensure that the rules are always exactly as defined.

Groups

Sometimes you want to apply a given rule to a set of IPs, for instance to whitelist access to a database from a list of nodes. You can do that by defining a group of machines in node['iptables-services'][groups]: either by listing the IPs or by setting a node to search.

You'll find more details in attributes/default.rb and an example in tests (.kitchen.yml and test).

Test

This cookbook is fully tested by kitchen and a vagrant box.

For more information, see .kitchen.yml and test directory.

Attributes

Configuration is done by overriding default attributes. All configuration keys have a default defined in attributes/default.rb. Please read it for a comprehensive view of what you can configure in this cookbook's behavior and how.

Recipes

default

Include install and config recipes.

install

Install iptables-services using the package. Save the current rules at installation.

config

Configure ip(6)tables services from attributes.

service

Enable and start ip(6)tables services.

update

Apply chain configuration from attributes. If the current rules differ in any way from the attributes, the chain is flushed and reconfigured.

Look at attributes/default.rb for more info on how to configure a chain.
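
The enforcement described under "Configure a chain", "Groups" and the update recipe, sketched as an added example (not the cookbook's own code): a configured chain whose live rules differ from the desired ones is flushed and rebuilt, group rules are duplicated per member, and chains that are not configured are left alone. The hash layout, the "@name" group marker and the sample data are assumptions made for the illustration; the real attribute format is in attributes/default.rb.

```ruby
# Added example (not the cookbook's code); names and data shapes are assumptions.
# Constructed iptables-save output: INPUT has a hand-added rule, DOCKER is foreign.
SAMPLE_SAVE = <<~SAVE
  *filter
  :INPUT DROP [0:0]
  :DOCKER - [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
  -A DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
  COMMIT
SAVE
# Constructed desired state; "@name" marks a group (hypothetical syntax). Rules use
# the form iptables-save prints, so a plain comparison detects drift.
GROUPS = { 'db_clients' => ['10.0.0.5/32', '10.0.0.6/32'] }.freeze
DESIRED = { 'filter' => { 'INPUT' => [
  '-i lo -j ACCEPT', '-s @db_clients -p tcp -m tcp --dport 5432 -j ACCEPT'
] } }.freeze

# Parse iptables-save text into { table => { chain => [rule, ...] } }.
def parse_save(text)
  table = nil
  text.each_line(chomp: true).with_object({}) do |line, acc|
    case line
    when /\A\*(\S+)/ then acc[table = $1] = {}
    when /\A:(\S+)/ then acc[table][$1] = []
    when /\A-A (\S+) (.+)/ then (acc[table][$1] ||= []) << $2
    end
  end
end

# Duplicate a rule for every member of the group it names.
def expand(rules, groups)
  rules.flat_map do |rule|
    name = rule[/@(\w+)/, 1]
    name ? groups.fetch(name).map { |ip| rule.sub("@#{name}", ip) } : [rule]
  end
end

# Commands that bring each configured chain back in line; other chains are skipped.
def plan(desired, groups, current)
  desired.flat_map do |table, chains|
    chains.flat_map do |chain, rules|
      want = expand(rules, groups)
      next [] if current.dig(table, chain) == want
      ["iptables -t #{table} -F #{chain}"] +
        want.map { |r| "iptables -t #{table} -A #{chain} #{r}" }
    end
  end
end
```

Calling plan(DESIRED, GROUPS, parse_save(SAMPLE_SAVE)) returns a flush of filter/INPUT followed by three appends and nothing for DOCKER; once the live chain matches, the plan is empty.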

Changelog

Available in CHANGELOG.md.

Contributing

Please read CONTRIBUTING.md carefully before making a merge request.

License and Author

Copyright (c) 2017-2018 Make.org

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Changelog

2.1.0

Main:

  • feat: add group, to duplicate rules for each member and deal with clusters more easily.

Tests:

  • replace deprecated require_chef_omnibus
  • include .gitlab-ci.yml from test-cookbook

2.0.0

Main:

  • feat: major rewrite with new philosophy
    • The idea is to be able to select the tables and chains on which we want to enforce a configuration, and let the others be managed by other programs.
    • The main use case is to cohabit with Docker (and mostly Docker Swarm) without having to rewrite every rule (and also because Swarm without iptables support does not really work). Typically, we will define filter/INPUT and filter/DOCKER-USER and let Docker manage the rest.
    • Also, we configure the iptables service to save on stop and restart so we keep rules defined manually (or by other programs).
  • feat: can auto-update package (default)

Tests:

  • add a second interface to facilitate tests

1.1.0

Main:

  • fix: saved rules were not correctly ordered
  • fix: "reload" ip[6]tables after service starts

Misc:

  • style(rubocop): fix heredoc delimiter

1.0.0

  • Initial version with CentOS 7 support, iptables and ip6tables

Collaborator Number Metric
            

2.1.0 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

2.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

2.1.0 passed this metric

License Metric
            

2.1.0 passed this metric

No Binaries Metric
            

2.1.0 passed this metric

Publish Metric
            

2.1.0 passed this metric

Supported Platforms Metric
            

2.1.0 passed this metric

Testing File Metric
            

2.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

2.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number