
iptables-services (6) Versions 2.2.0

Install/Configure iptables-services on linux nodes

cookbook 'iptables-services', '= 2.2.0'
cookbook 'iptables-services', '= 2.2.0', :supermarket
knife supermarket install iptables-services
knife supermarket download iptables-services
Quality 50%

Iptables Services


Install and configure iptables-services, an easy and clear way to manage iptables firewall with save/restore feature.

It also ensures that the configured rules are exactly the ones iptables is using: any rule added directly to a configured chain is removed, and any removed rule is re-added. Rules are saved and restored on restart.


Cookbooks and gems

Declared in [metadata.rb](metadata.rb) and in [Gemfile](Gemfile).


  • RHEL Family 7, tested on Centos

It should work on other systemd platforms by configuring attributes such as the package name.

Complete support and tests will come if requested.



Add recipe[iptables-services] to your run list to install iptables-services using the official distribution package.

By default rules are saved on stop and restored when ip(6)tables service starts. No chain configuration is enforced by default.

IPV4 and IPV6 are both activated by default.

Configure a chain

Configure node['iptables-services'][ip(6)tables]['tables'][table][chain]. Read [attributes/default.rb](attributes/default.rb) for more details and look at an example in [this role](test/integration/roles/iptables-services-kitchen.json).

Once a chain has been configured, this cookbook will ensure that the rules are always exactly as defined.


Sometimes you want to apply a given rule to a set of IPs, for instance to whitelist access to a database from a list of nodes. You can do that by defining a group of machines in node['iptables-services'][groups], either by listing the IPs or by setting a node search.

You'll find more details in [attributes/default.rb](attributes/default.rb) and an example in the tests ([.kitchen.yml](.kitchen.yml) and [test](test)).


This cookbook is fully tested by kitchen and a vagrant box.

For more information, see [.kitchen.yml](.kitchen.yml) and [test](test) directory.


Configuration is done by overriding default attributes. All configuration keys have a default defined in [attributes/default.rb](attributes/default.rb). Please read it for a comprehensive view of what you can configure in this cookbook and how.



Include install and config recipes.


Install iptables-services by using package. Save current rules at installation.


Configure ip(6)tables services from attributes.


Enable and start ip(6)tables services.


Apply chain configuration from attributes. If the current rules of a chain differ from the attributes, the chain is flushed and reconfigured.

Look at [attributes/default.rb](attributes/default.rb) for more info on how to configure a chain.
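The per-chain enforcement described above, as an added Ruby example (not the cookbook's own code): it parses `iptables-save` output, compares only the managed chains against the desired rules, and returns the commands needed to bring a drifted chain back in line while leaving chains such as DOCKER alone. The `DESIRED` structure, the function names and the sample rules are assumptions made for illustration; the cookbook's real attribute format is in attributes/default.rb.

```ruby
# Added example, not the cookbook's code. Constructed `iptables-save` sample:
SAVED = <<~RULES
  *filter
  :INPUT ACCEPT [0:0]
  :DOCKER-USER - [0:0]
  :DOCKER - [0:0]
  -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
  -A DOCKER-USER -j RETURN
  -A DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
  COMMIT
RULES

# Assumed shape (not the cookbook's attribute format):
# table => chain => ordered rules. Chains not listed here are never touched.
DESIRED = {
  'filter' => {
    'INPUT' => [
      '-m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT',
      '-p tcp -m tcp --dport 22 -j ACCEPT',
      '-j DROP'
    ],
    'DOCKER-USER' => ['-j RETURN']
  }
}.freeze

# Parse iptables-save text into { table => { chain => [rule specs] } }.
def parse_saved(text)
  table = nil
  text.each_line(chomp: true).each_with_object({}) do |line, acc|
    case line
    when /\A\*(\S+)/ then acc[table = Regexp.last_match(1)] = {}
    when /\A:(\S+)/ then acc[table][Regexp.last_match(1)] = [] if table
    when /\A-A (\S+) (.+)\z/
      (acc[table][Regexp.last_match(1)] ||= []) << Regexp.last_match(2) if table
    end
  end
end

# A managed chain whose live rules differ in content or order is flushed (or
# created if missing) and rebuilt; matching or unmanaged chains yield nothing.
def reconcile(desired, live)
  desired.flat_map do |table, chains|
    chains.flat_map do |chain, rules|
      current = live.dig(table, chain)
      next [] if current == rules
      specs = ["#{current ? '-F' : '-N'} #{chain}"] + rules.map { |r| "-A #{chain} #{r}" }
      specs.map { |s| "iptables -t #{table} #{s}" }
    end
  end
end
```

The functions return the commands instead of running them so the example works offline. Applying rules one command at a time is not atomic, which is why real tooling usually loads a whole rule set through `iptables-restore`.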


Available in [](


Please read carefully []( before making a merge request.

License and Author

Copyright (c) 2017-2018

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

cluster-search >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.




  • feat: add "undefined" rule, used for custom chain
    • If you want to create a custom chain but you don't want to manage it because another program will do it, use "undefined" as rule set.
  • fix: remove fixed version of iptables package
  • fix: add cluster-search dependency in metadata



  • feat: add group, to duplicate rules for each member and deal with clusters more easily.


  • replace deprecated require_chef_omnibus
  • include .gitlab-ci.yml from test-cookbook



  • feat: major rewrite with new philosophy
    • The idea is to be able to select the tables and chains on which we want to enforce a configuration, and let the others be managed by other programs.
    • The main use case is to cohabit with Docker (and mostly Docker Swarm) without having to rewrite every rule (and also because Swarm without iptables support does not really work). Typically, we will define filter/INPUT and filter/DOCKER-USER and let Docker manage the rest.
    • Also, we configure the iptables service to save on stop and restart so we keep rules defined manually (or by other programs).
  • feat: can auto-update package (default)


  • add a second interface to facilitate tests



  • fix: saved rules were not correctly ordered
  • fix: "reload" ip[6]tables after service starts


  • style(rubocop): fix heredoc delimiter


  • Initial version with Centos 7 support, iptables and ip6tables

Collaborator Number Metric

2.2.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric

2.2.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Foodcritic Metric

2.2.0 passed this metric

No Binaries Metric

2.2.0 passed this metric

Publish Metric

2.2.0 passed this metric

Supported Platforms Metric

2.2.0 passed this metric

Testing File Metric

2.2.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must contain a file

Version Tag Metric

2.2.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of, and your repo must include a tag that matches this cookbook version number