
iptables-services (6) Versions 2.3.0

Install/Configure iptables-services on linux nodes

Policyfile:
cookbook 'iptables-services', '~> 2.3.0', :supermarket

Berkshelf:
cookbook 'iptables-services', '~> 2.3.0'

Knife:
knife supermarket install iptables-services
knife supermarket download iptables-services
Quality 33%

Iptables Services

Description

Install and configure iptables-services, an easy and clear way to manage the
iptables firewall with a save/restore feature.

It also ensures that the configured rules are effectively the same as those
iptables uses. Any rule added directly to a configured chain will be removed,
and any removed rule will be re-added. Rules are saved and restored on restart.

Requirements

Cookbooks and gems

Declared in [metadata.rb](metadata.rb) and in [Gemfile](Gemfile).

Platforms

  • RHEL Family 7, tested on CentOS

It should work with other systemd platforms by configuring attributes such as
the package name.

Complete support and tests will come if requested.

Usage

Setup

Add recipe[iptables-services] to your run-list to install iptables-services
using the official distribution package.

By default, rules are saved on stop and restored when the ip(6)tables service
starts. No chain configuration is enforced by default.

IPv4 and IPv6 are both activated by default.

Configure a chain

Configure node['iptables-services'][ip(6)tables]['tables'][table][chain].
Read [attributes/default.rb](attributes/default.rb) for more details and look
at an example in
[this role](test/integration/roles/iptables-services-kitchen.json).

Once a chain has been configured, this cookbook will ensure that the rules are
always exactly as defined.

Groups

Sometimes you want to apply a given rule to a set of IPs, for instance to
whitelist access to a database from a list of nodes. You can do that by
defining a group of machines in node['iptables-services'][groups]: either by
listing the IPs or by setting a node to search.

You'll find more details in [attributes/default.rb](attributes/default.rb) and
an example in the tests ([.kitchen.yml](.kitchen.yml) and [test](test)).

Test

This cookbook is fully tested by kitchen and a vagrant box.

For more information, see [.kitchen.yml](.kitchen.yml) and [test](test)
directory.

Attributes

Configuration is done by overriding default attributes. All configuration keys
have a default defined in [attributes/default.rb](attributes/default.rb).
Please read it for a comprehensive view of what you can configure in this
cookbook and how.

Recipes

default

Include install and config recipes.

install

Install iptables-services using the package. Save the current rules at
installation.

config

Configure ip(6)tables services from attributes.

service

Enable and start ip(6)tables services.

update

Apply chain configuration from attributes. If there is any difference between
the current rules and the attributes, the chain is flushed and reconfigured.

Look at [attributes/default.rb](attributes/default.rb) for more info on how
to configure a chain.
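
The check the update recipe describes, sketched in Ruby as an added example (not the cookbook's own code): only chains that have a configuration are compared with the live rules, a drifted chain is flushed and rebuilt, and chains marked "undefined" or not listed are left alone. The Hash layout of DESIRED, the helper names and the sample `iptables -S` output are assumptions constructed for this illustration; the real attribute format is in attributes/default.rb.

```ruby
# Added illustration, not the cookbook's code. The Hash layout of DESIRED and
# the helper names are assumptions made for this example.

# Constructed sample of `iptables -S` output for the filter table.
CURRENT_RULES = <<~RULES
  -P INPUT DROP
  -P FORWARD DROP
  -N DOCKER
  -N DOCKER-USER
  -A INPUT -i lo -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
  -A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
  -A FORWARD -j DOCKER-USER
  -A DOCKER -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j ACCEPT
  -A DOCKER-USER -j RETURN
RULES

# Chains listed here are enforced; every other chain is left untouched.
# 'undefined' means the chain is declared but another program owns its rules.
DESIRED = {
  'INPUT' => ['-i lo -j ACCEPT', '-p tcp -m tcp --dport 22 -j ACCEPT'],
  'DOCKER-USER' => ['-j RETURN'],
  'DOCKER' => 'undefined'
}.freeze

# Group the "-A <chain> <rule>" lines by chain, preserving rule order.
def rules_by_chain(dump)
  dump.each_line.with_object(Hash.new { |h, k| h[k] = [] }) do |line, acc|
    match = line.strip.match(/\A-A (\S+) (.+)\z/)
    acc[match[1]] << match[2] if match
  end
end

# Return the commands needed to bring drifted, managed chains back in line.
# Rule order matters in iptables, so the comparison is on ordered arrays.
def enforcement_plan(dump, desired, binary: 'iptables')
  current = rules_by_chain(dump)
  desired.flat_map do |chain, rules|
    next [] if rules == 'undefined' || current[chain] == rules

    ["#{binary} -F #{chain}"] + rules.map { |r| "#{binary} -A #{chain} #{r}" }
  end
end

puts enforcement_plan(CURRENT_RULES, DESIRED)
```

Between the flush and the last append, a built-in chain falls through to its policy, so a default-DROP policy on INPUT keeps that gap fail-closed.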

Changelog

Available in [CHANGELOG.md](CHANGELOG.md).

Contributing

Please read [CONTRIBUTING.md](CONTRIBUTING.md) carefully before making a merge
request.

License and Author

Copyright (c) 2017-2018 Make.org

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

Dependent cookbooks

cluster-search >= 0.0.0

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

Changelog

2.3.0

Main:

Tests:

  • test: make kitchen.yml config file visible
    • As recommended by official documentation
  • fix: accept chef license
  • fix: add rspec-core to Gemfile

Misc:

  • chore: set generic maintainer & helpdesk email
  • chore: add supermarket category in .category
  • doc: use doc in git message instead of docs
  • style(rubocop): add FrozenStringLiteralComment
  • style(rubocop): avoid comma after hash last item
  • style(rubocop): add empty line after guard clause

2.2.0

Main:

  • feat: add "undefined" rule, used for custom chain
    • If you want to create a custom chain but you don't want to manage it because another program will do it, use "undefined" as rule set.
  • fix: remove fixed version of iptables package
  • fix: add cluster-search dependency in metadata

2.1.0

Main:

  • feat: add group, to duplicate rules for each member and deal with clusters more easily.

Tests:

  • replace deprecated require_chef_omnibus
  • include .gitlab-ci.yml from test-cookbook

2.0.0

Main:

  • feat: major rewrite with new philosophy
    • The idea is to be able to select the tables and chains on which we want to enforce a configuration, and let the others be managed by other programs.
    • The main use-case is to cohabit with Docker (and mostly Docker Swarm) without having to rewrite every rule (and also because Swarm without iptables support does not really work). Typically, we will define filter/INPUT and filter/DOCKER-USER and let Docker manage the rest.
    • Also, we configure the iptables service to save on stop and restart so we keep rules defined manually (or by other programs).
  • feat: can auto-update package (default)

Tests:

  • add a second interface to facilitate tests

1.1.0

Main:

  • fix: saved rules were not correctly ordered
  • fix: "reload" ip[6]tables after service starts

Misc:

  • style(rubocop): fix heredoc delimiter

1.0.0

  • Initial version with Centos 7 support, iptables and ip6tables

Collaborator Number Metric
            

2.3.0 failed this metric

Failure: Cookbook has 1 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

2.3.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

2.3.0 passed this metric

No Binaries Metric
            

2.3.0 passed this metric

Testing File Metric
            

2.3.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

2.3.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number