
L7-firewall (9) Versions 1.0.6

Installs/Configures firewall

cookbook 'L7-firewall', '= 1.0.6'
cookbook 'L7-firewall', '= 1.0.6', :supermarket
knife supermarket install L7-firewall
knife supermarket download L7-firewall
Quality 0%

firewall cookbook



Configures iptables packet filter via Opscode Chef in /etc/iptables.rules

Supported Platforms

  • Ubuntu
  • Debian

Tested on

  • Ubuntu 12.04, 14.04
  • Debian 7


Recipes

  • L7-firewall - The default recipe.
  • L7-firewall::allow_ssh - allows ssh on port 22
  • L7-firewall::basic_firewall - sets up a basic firewall rule and chain set with default drop policy
  • L7-firewall::basic_firewall_ipv6 - same as basic_firewall but for ipv6
  • L7-firewall::get_ips - sets public_ipaddress and public_ip6address attributes based on public ip addresses of the machine
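
An added example (not part of the cookbook or its README): a Ruby check that a rendered ruleset keeps the default-drop INPUT policy that basic_firewall sets up and still accepts SSH on port 22 as allow_ssh does, so a converge cannot silently open the host or cut off remote access. It assumes /etc/iptables.rules uses iptables-save syntax; the sample ruleset and the function names are constructed for illustration.

```ruby
# Added example; the sample ruleset is constructed and assumes iptables-save syntax.
SAMPLE_RULES = <<~RULES
  *filter
  :INPUT DROP [0:0]
  :OUTPUT ACCEPT [0:0]
  -A INPUT -i lo -j ACCEPT
  -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  COMMIT
RULES

# Parse into { table => { policies: { chain => policy }, rules: { chain => [rule text] } } }.
def parse_ruleset(text)
  tables = {}
  current = nil
  text.each_line do |raw|
    line = raw.strip
    case line
    when /\A\*(\S+)\z/
      current = tables[$1] = { policies: {}, rules: Hash.new { |h, k| h[k] = [] } }
    when /\A:(\S+)\s+(\S+)/
      current[:policies][$1] = $2 if current
    when /\A-A\s+(\S+)\s+(.*)\z/
      current[:rules][$1] << $2 if current
    when 'COMMIT'
      current = nil
    end
  end
  tables
end

# Return findings for the filter/INPUT chain; an empty array means both checks passed.
def audit_input_chain(text, ssh_port: 22)
  filter = parse_ruleset(text)['filter']
  return ['no filter table found'] unless filter
  findings = []
  policy = filter[:policies]['INPUT']
  findings << "INPUT policy is #{policy.inspect}, expected DROP" unless policy == 'DROP'
  rules = filter[:rules]['INPUT']
  ssh_idx = rules.index { |r| r =~ /-p tcp\b.*--dport #{ssh_port}\b.*-j ACCEPT\b/ }
  drop_idx = rules.index { |r| r =~ /\A-j (DROP|REJECT)\b/ }
  if ssh_idx.nil? && (policy == 'DROP' || drop_idx)
    findings << "no ACCEPT rule for tcp/#{ssh_port}: SSH would be cut off"
  elsif ssh_idx && drop_idx && drop_idx < ssh_idx
    findings << "SSH ACCEPT rule is shadowed by the unconditional drop at position #{drop_idx + 1}"
  end
  findings
end

puts audit_input_chain(SAMPLE_RULES).inspect if __FILE__ == $PROGRAM_NAME
```

Only plain `--dport` matches are recognised; multiport rules and jumps into user-defined chains are outside what this check follows.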



L7_firewall_policy

  • table: iptables table. (default: filter)
  • chain: iptables chain. (default: INPUT)
  • protoversion: ipv4 or ipv6. (default: ipv4)
  • policy: iptables policy. (default: ACCEPT)

L7_firewall_policy 'Drop input' do
  policy 'DROP'
  chain 'INPUT'
end


L7_firewall_notrack

  • proto: protocol. (default: tcp)
  • protoversion: ipv4 or ipv6. (default: ipv4)
  • port: tcp or udp port. (default: '')

L7_firewall_notrack "Do not track http traffic" do
  port "80"
end


L7_firewall_rule

  • rule: iptables rule. (default: '')
  • position: position in the rule list. (default: APPEND)
  • table: iptables table. (default: filter)
  • chain: iptables chain. (default: INPUT)
  • proto: protocol. (default: all)
  • protoversion: ipv4 or ipv6. (default: ipv4)
  • jump: where to jump, like -j. (default: ACCEPT)
  • enabled: boolean. (default: true)

Example disabled rule to drop all traffic from in blacklist chain:

L7_firewall_rule 'Example blacklist rule' do
  rule '-s'
  jump 'DROP'
  chain 'BLACKLIST'
  enabled false
end


  • Rewrite to LWRP


  1. Fork it
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Added some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request


  • Freely distributable and licensed under the MIT license.
  • Copyright (c) 2015 Gabor Szelcsanyi


Foodcritic Metric

1.0.6 failed this metric

FC015: Consider converting definition to a LWRP: /tmp/cook/55a67ef5ff59456b6ec666e9/L7-firewall/definitions/notrack.rb:1
FC015: Consider converting definition to a LWRP: /tmp/cook/55a67ef5ff59456b6ec666e9/L7-firewall/definitions/policy.rb:1
FC015: Consider converting definition to a LWRP: /tmp/cook/55a67ef5ff59456b6ec666e9/L7-firewall/definitions/rule.rb:1