Adoptable Cookbooks List

Looking for a cookbook to adopt? You can now see a list of cookbooks available for adoption!
List of Adoptable Cookbooks

Supermarket Belongs to the Community

Supermarket belongs to the community. While Chef has the responsibility to keep it running and be stewards of its functionality, what it does and how it works is driven by the community. The chef/supermarket repository will continue to be where development of the Supermarket application takes place. Come be part of shaping the direction of Supermarket by opening issues and pull requests or by joining us on the Chef Mailing List.

Select Badges

Select Supported Platforms

Select Status

RSS

chz-firewall (6) Versions 0.2.3

Installs/Configures firewalls

Policyfile
Berkshelf
Knife
cookbook 'chz-firewall', '~> 0.2.3', :supermarket
cookbook 'chz-firewall', '~> 0.2.3'
knife supermarket install chz-firewall
knife supermarket download chz-firewall
README
Dependencies
Quality 17%

Description

Firewall cookbook for Windows and GNU/Linux applications, developed at Cheezburger Inc.

License

New BSD License

Requirements

Windows, Ubuntu, or RHEL based

Attributes

['chz-firewall']['version'] Integer, if changed firewall will reload on windows.
Linux firewall is dynamic with attribute changes
['chz-firewall']['whitelist'] Array of IPs to whitelist
['chz-firewall']['blacklist'] Array of IPs to blacklist
['chz-firewall']['enable_ping'] Boolean, to allow incoming ping
['chz-firewall']['tcp_in'] Array of ports to open
['chz-firewall']['tcp_out'] Same
['chz-firewall']['udp_in'] Same
['chz-firewall']['udp_out'] Same
['chz-firewall']['firewall_type'] Iptables or windows autodetected, csf (http://configserver.com/cp/csf.html) partial support
['chz-firewall']['whitelist_interfaces'] = [ "lo" ]
['chz-firewall']['enable_vrrp'] Boolean, to enable vrrp (for keepalived to work)
['chz-firewall']['default_deny_in'] Boolean, drops unmatched traffic in if true
['chz-firewall']['default_deny_out'] Boolean, drops unmatched traffic out if true
['chz-firewall']['allow_established'] Boolean, allows established connections if true

Usage

Use default recipe for default rules with iptables or windows firewall.
Use attribute overrides to change settings.
Create databag 'chz-firewall' to optionally store whitelist and blacklist ip addresses with metadata. Example below:

{
"id": "office_ip_1",
"type": "whitelist",
"ip": "1.2.3.4",
"desc": "Generic ISP office IP"
}

Use type blacklist to create a blacklist item.

Notes

Not all attributes are yet supported by all types of firewalls. Vrrp and interface whitelist do not work in windows.
Tested on Ubuntu 12.04, Windows 2012 and 2008r2.

Dependent cookbooks

This cookbook has no specified dependencies.

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Collaborator Number Metric
            

0.2.3 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.2.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.2.3 failed this metric

FC037: Invalid notification action: chz-firewall/recipes/iptables.rb:50
FC043: Prefer new notification syntax: chz-firewall/recipes/csf.rb:8
FC043: Prefer new notification syntax: chz-firewall/recipes/csf.rb:16
FC043: Prefer new notification syntax: chz-firewall/recipes/csf.rb:24
FC043: Prefer new notification syntax: chz-firewall/recipes/csf.rb:32
FC064: Ensure issues_url is set in metadata: chz-firewall/metadata.rb:1
FC065: Ensure source_url is set in metadata: chz-firewall/metadata.rb:1
FC066: Ensure chef_version is set in metadata: chz-firewall/metadata.rb:1
FC069: Ensure standardized license defined in metadata: chz-firewall/metadata.rb:1
Run with Foodcritic Version 16.3.0 with tags metadata,correctness ~FC031 ~FC045 and failure tags any

No Binaries Metric
            

0.2.3 passed this metric

Testing File Metric
            

0.2.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.2.3 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number