quick_firewall (5) Versions 0.1.3

Installs/Configures quick_firewall

Policyfile:
  cookbook 'quick_firewall', '= 0.1.3', :supermarket

Berkshelf:
  cookbook 'quick_firewall', '= 0.1.3'

Knife:
  knife supermarket install quick_firewall
  knife supermarket download quick_firewall

Quality 60%

quick_firewall cookbook

This cookbook is intended to configure basic firewall settings that are commonly used.
The modules make use of firewalld or ufw to set the rules.

PLEASE NOTE - The resource/providers in this cookbook are under development.

Requirements

  • Chef Infra Client 15.5+
depends 'quick_firewall'

Supported firewalls and platforms

  • UFW - Ubuntu, Debian
  • FirewallD - Red Hat & CentOS >= 7.0

Tested on:

  • Ubuntu 22.04 with ufw
  • CentOS 7 with firewalld
  • CentOS 8 with firewalld
  • Oracle 9 with firewalld

Resources

This cookbook comes with four resources:
- firewall_install
- firewall_open_port
- firewall_open_service
- firewall_zone

Attributes

  • default['quick_firewall']['open_ssh'] = true, set true to open port 22 for SSH when the default recipe runs
  • default['quick_firewall']['open_http'] = false, set true to open port 80 for http when the default recipe runs
  • default['quick_firewall']['open_https'] = false, set true to open port 443 for https when the default recipe runs

Usage

Installation

To install and enable the firewall use the firewall_install resource.

firewall_install 'default' do
  action :install
end

By default, this keeps SSH port 22 open.
To prevent this, set
default['quick_firewall']['open_ssh'] = false

Opening a port

The most basic way to open port 80 would be

firewall_open_port '80' do
  port 80
  protocol 'tcp'
  action :create
end

Resource Definition:

firewall_open_port 'name' do
  port Integer
  protocol String
  source String
  zone TrueClass, FalseClass
  action Symbol
end

where
* port is the port that is required to be open
* protocol is the protocol that the port uses, generally tcp or udp
* source is an IP or a subnet from which requests will be allowed. Debian family only; ignored on RHEL.
* zone is the firewall zone to use. RHEL family only; ignored on Debian.
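
The platform caveats above matter most for source: on the RHEL family the restriction is dropped, so the port is open to whatever the zone accepts. The sketch below is an added example, not code from the quick_firewall cookbook; plan_open_port is a hypothetical helper, and the ufw / firewall-cmd strings are the standard command forms, assumed equivalents rather than what the cookbook's providers run.

```ruby
# Added example, not code from the quick_firewall cookbook.
# plan_open_port is a hypothetical helper. Which property is ignored on which
# platform family comes from the README; the command strings are the standard
# ufw / firewall-cmd forms (assumed equivalents, not the provider code).

def plan_open_port(family:, port:, protocol: 'tcp', source: nil, zone: nil)
  warnings = []
  case family
  when 'debian'
    # zone is RHEL-only, so it has no effect here.
    warnings << "zone '#{zone}' ignored on debian" if zone
    command =
      if source
        "ufw allow from #{source} to any port #{port} proto #{protocol}"
      else
        "ufw allow #{port}/#{protocol}"
      end
  when 'rhel'
    # source is Debian-only: dropping it widens the rule, so report it.
    if source
      warnings << "source '#{source}' ignored on rhel: #{port}/#{protocol} is " \
                  'open to every address the zone accepts'
    end
    zone_arg = zone ? " --zone=#{zone}" : ''
    command = "firewall-cmd --permanent#{zone_arg} --add-port=#{port}/#{protocol}"
  else
    raise ArgumentError, "unsupported platform family: #{family}"
  end
  { command: command, warnings: warnings }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample: the same restricted-SSH intent on both families.
  %w[debian rhel].each do |family|
    plan = plan_open_port(family: family, port: 22, source: '10.10.10.0/24')
    puts "#{family}: #{plan[:command]}"
    plan[:warnings].each { |w| puts "  WARNING: #{w}" }
  end
end
```

On the RHEL family the same intent needs the source bound to a zone (see firewall_zone) instead of the source property.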

Opening a service

Though we recommend using the firewall_open_port resource, services can be opened with this resource.
Example to open https:

firewall_open_service 'https' do
  service_name 'https'
  ufw_port_track '443'
  action :create
end

Resource Definition:

firewall_open_service 'name' do
  service_name String
  zone String
  action Symbol
end

where
* service_name is the service that is required to be open, for example ssh, https, ldap etc.
* ufw_port_track (Debian only; ignored on RHEL) is the port of the corresponding service, e.g. 22 for SSH.
* zone is the firewall zone to use. RHEL family only; ignored on Debian.

Creating a firewalld zone

This resource creates a firewall zone on the Red Hat family.
Example 1

firewall_zone 'xyz-private' do
  source '10.10.10.0/24'
  action :create
end

Example 2

firewall_zone 'xyz-private' do
  interface 'eth-2'
  action :create
end

Resource Definition:

firewall_zone 'name' do
  name String
  source String
  interface String
  action Symbol
end

where
* name is the name of the zone to create
* source is the source IP or network
* interface, if required, creates the zone for a specific interface

Advanced Firewall

This cookbook deliberately relies on the existing CLI firewall tools, firewall-cmd and ufw, so that it can be adapted rapidly to the latest OS releases. This compromises on granular controls, but it is useful enough for most basic scenarios.

For an advanced firewall configuration, please have a look at the firewall cookbook by sous-chef.

License

The cookbook comes as is without any warranty.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

quick_firewall CHANGELOG

This file is used to list changes made in each version of the quick_firewall cookbook.

0.1.0

Initial release.

  • change 0
  • change 1

Collaborator Number Metric
            

0.1.3 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Cookstyle Metric
            

0.1.3 failed this metric

Chef/Correctness/InvalidPlatformMetadata: metadata.rb "supports" platform is invalid (https://docs.chef.io/workstation/cookstyle/chef_correctness_invalidplatformmetadata): quick_firewall/metadata.rb: 23

Run with Cookstyle Version 7.32.1 with cops Chef/Deprecations,Chef/Correctness,Chef/Sharing,Chef/RedundantCode,Chef/Modernize,Chef/Security,InSpec/Deprecations

No Binaries Metric
            

0.1.3 passed this metric

Testing File Metric
            

0.1.3 passed this metric

Version Tag Metric
            

0.1.3 passed this metric