cookbook 'L7-firewall', '~> 1.0.14'
L7-firewall (9) Versions 1.0.14 Follow1
Installs/Configures firewall
cookbook 'L7-firewall', '~> 1.0.14', :supermarket
knife supermarket install L7-firewall
knife supermarket download L7-firewall
firewall cookbook
Description
Configures iptables packet filter via Opscode Chef in /etc/iptables.rules
Supported Platforms
- Ubuntu
- Debian
Tested on
- Ubuntu 12.04, 14.04
- Debian 7
Recipes
-
L7-firewall- The default recipe. -
L7-firewall::allow_ssh- allows ssh on port 22 -
L7-firewall::basic_firewall- sets up a basic firewall rule and chain set with default drop policy -
L7-firewall::basic_firewall_ipv6- same as basic_firewall but for ipv6 -
L7-firewall::get_ips- sets public_ipaddress and public_ip6address attributes based on public ip addresses of the machine
Usage
Policy
- table: iptables table. (default: filter)
- chain: iptables chain. (default: INPUT)
- protoversion: ipv4 or ipv6. (default: ipv4)
- policy: iptables policy. (default: ACCEPT)
L7_firewall_policy 'Drop input' do policy 'DROP' chain 'INPUT' end
Notrack
- proto: protocol. (default: tcp)
- protoversion: ipv4 or ipv6. (default: ipv4)
- port: tcp or udp port. (default: '')
L7_firewall_notrack "Do not track http traffic" do port "80" end
Rule
- rule: iptables rule. (default: '')
- position: position in the rule list. (default: APPEND)
- table: iptables table. (default: filter)
- chain: iptables chain. (default: INPUT)
- proto: protocol. (default: all)
- protoversion: ipv4 or ipv6. (default: ipv4)
- jump: where to jump, like -j. (default: ACCEPT)
- enabled: boolean. (default: true)
Example disabled rule to drop all traffic from 1.2.3.4 in blacklist chain:
ruby
L7_firewall_rule 'Example blacklist rule' do
rule '-s 1.2.3.4'
jump 'DROP'
chain 'BLACKLIST'
enabled false
end
TODO
- Rewrite to LWRP
Contributing
- Fork it
- Create your feature branch (
git checkout -b my-new-feature) - Commit your changes (
git commit -am 'Added some feature') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request
License
- Freely distributable and licensed under the MIT license.
- Copyright (c) 2015 Gabor Szelcsanyi
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
Collaborator Number Metric
1.0.14 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
1.0.14 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.0.14 failed this metric
FC066: Ensure chef_version is set in metadata: L7-firewall/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
1.0.14 passed this metric
Testing File Metric
1.0.14 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.14 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.0.14 failed this metric
1.0.14 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
1.0.14 failed this metric
FC066: Ensure chef_version is set in metadata: L7-firewall/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
No Binaries Metric
1.0.14 passed this metric
Testing File Metric
1.0.14 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.14 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.0.14 failed this metric
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any
1.0.14 passed this metric
Testing File Metric
1.0.14 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
1.0.14 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
1.0.14 failed this metric
1.0.14 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number
