L7-firewall (9) Versions 1.0.11

Installs/Configures firewall

Policyfile: cookbook 'L7-firewall', '= 1.0.11', :supermarket
Berkshelf: cookbook 'L7-firewall', '= 1.0.11'
Knife:
knife supermarket install L7-firewall
knife supermarket download L7-firewall
Quality 0%

firewall cookbook


Description

Configures iptables packet filter via Opscode Chef in /etc/iptables.rules

Supported Platforms

  • Ubuntu
  • Debian

Tested on

  • Ubuntu 12.04, 14.04
  • Debian 7

Recipes

  • L7-firewall - The default recipe.
  • L7-firewall::allow_ssh - allows ssh on port 22
  • L7-firewall::basic_firewall - sets up a basic firewall rule and chain set with default drop policy
  • L7-firewall::basic_firewall_ipv6 - same as basic_firewall but for ipv6
  • L7-firewall::get_ips - sets public_ipaddress and public_ip6address attributes based on public ip addresses of the machine
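
After converging basic_firewall together with allow_ssh, it is worth confirming that the rendered file really has a default-drop INPUT policy and still admits SSH. The script below is an added example, not part of the cookbook; it assumes /etc/iptables.rules is written in iptables-save format, and the sample rules and the names parse_rules and audit are constructed for illustration.

```ruby
# Assumption: the rules file uses iptables-save / iptables-restore syntax.
# Constructed sample, not output captured from the cookbook.
SAMPLE_RULES = <<~RULES
  *filter
  :INPUT DROP [0:0]
  :FORWARD DROP [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  COMMIT
RULES

# Returns { table => { policies: { chain => policy }, rules: [[chain, spec], ...] } }.
def parse_rules(text)
  tables = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    case line
    when /\A\*(\S+)\z/          then current = tables[$1] ||= { policies: {}, rules: [] }
    when /\A:(\S+)\s+(\S+)/     then current[:policies][$1] = $2 if current
    when /\A-A\s+(\S+)\s*(.*)\z/ then current[:rules] << [$1, $2] if current
    when 'COMMIT'               then current = nil
    end
  end
  tables
end

# Returns a list of findings; an empty list means both checks passed.
def audit(text, ssh_port: 22)
  filter = parse_rules(text)['filter']
  return ['no filter table found'] unless filter
  findings = []
  policy = filter[:policies]['INPUT']
  findings << "INPUT policy is #{policy.inspect}, expected DROP" unless policy == 'DROP'
  ssh_ok = filter[:rules].any? do |chain, spec|
    chain == 'INPUT' && spec =~ /-p tcp\b/ &&
      spec =~ /--dport #{ssh_port}\b/ && spec =~ /-j ACCEPT\b/
  end
  findings << "no INPUT rule accepts tcp/#{ssh_port}" unless ssh_ok
  findings
end

if __FILE__ == $PROGRAM_NAME
  result = audit(ARGV[0] ? File.read(ARGV[0]) : SAMPLE_RULES)
  puts(result.empty? ? 'OK' : result)
end
```

The check only looks for a direct ACCEPT in INPUT; it does not follow jumps into user-defined chains or detect an earlier rule that shadows the SSH rule.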

Usage

Policy

  • table: iptables table. (default: filter)
  • chain: iptables chain. (default: INPUT)
  • protoversion: ipv4 or ipv6. (default: ipv4)
  • policy: iptables policy. (default: ACCEPT)
L7_firewall_policy 'Drop input' do
  policy 'DROP'
  chain 'INPUT'
end

Notrack

  • proto: protocol. (default: tcp)
  • protoversion: ipv4 or ipv6. (default: ipv4)
  • port: tcp or udp port. (default: '')
L7_firewall_notrack "Do not track http traffic" do
  port "80"
end

Rule

  • rule: iptables rule. (default: '')
  • position: position in the rule list. (default: APPEND)
  • table: iptables table. (default: filter)
  • chain: iptables chain. (default: INPUT)
  • proto: protocol. (default: all)
  • protoversion: ipv4 or ipv6. (default: ipv4)
  • jump: where to jump, like -j. (default: ACCEPT)
  • enabled: boolean. (default: true)

Example disabled rule to drop all traffic from 1.2.3.4 in blacklist chain:
L7_firewall_rule 'Example blacklist rule' do
  rule '-s 1.2.3.4'
  jump 'DROP'
  chain 'BLACKLIST'
  enabled false
end

TODO

  • Rewrite to LWRP

Contributing

  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

License

  • Freely distributable and licensed under the MIT license.
  • Copyright (c) 2015 Gabor Szelcsanyi

Foodcritic Metric
            

1.0.11 failed this metric

FC015: Consider converting definition to a LWRP: /tmp/cook/d614d74f57503b8e6a10f099/L7-firewall/definitions/notrack.rb:1
FC015: Consider converting definition to a LWRP: /tmp/cook/d614d74f57503b8e6a10f099/L7-firewall/definitions/policy.rb:1
FC015: Consider converting definition to a LWRP: /tmp/cook/d614d74f57503b8e6a10f099/L7-firewall/definitions/rule.rb:1