L7-firewall cookbook, version 1.0.8
Installs/Configures firewall

Berksfile entry:
cookbook 'L7-firewall', '= 1.0.8', :supermarket

Knife install/download:
knife supermarket install L7-firewall
knife supermarket download L7-firewall
firewall cookbook
Description
Configures the iptables packet filter via Opscode Chef; the generated rules are written to /etc/iptables.rules.
Supported Platforms
- Ubuntu
- Debian
Tested on
- Ubuntu 12.04, 14.04
- Debian 7
Recipes
- L7-firewall: the default recipe.
- L7-firewall::allow_ssh: allows ssh on port 22.
- L7-firewall::basic_firewall: sets up a basic firewall rule and chain set with a default DROP policy.
- L7-firewall::basic_firewall_ipv6: same as basic_firewall but for ipv6.
- L7-firewall::get_ips: sets the public_ipaddress and public_ip6address attributes based on the public ip addresses of the machine.
Usage
Policy
- table: iptables table. (default: filter)
- chain: iptables chain. (default: INPUT)
- protoversion: ipv4 or ipv6. (default: ipv4)
- policy: iptables policy. (default: ACCEPT)
```ruby
L7_firewall_policy 'Drop input' do
  policy 'DROP'
  chain 'INPUT'
end
```
Notrack
- proto: protocol. (default: tcp)
- protoversion: ipv4 or ipv6. (default: ipv4)
- port: tcp or udp port. (default: '')
```ruby
L7_firewall_notrack "Do not track http traffic" do
  port "80"
end
```
Rule
- rule: iptables rule. (default: '')
- position: position in the rule list. (default: APPEND)
- table: iptables table. (default: filter)
- chain: iptables chain. (default: INPUT)
- proto: protocol. (default: all)
- protoversion: ipv4 or ipv6. (default: ipv4)
- jump: where to jump, like -j. (default: ACCEPT)
- enabled: boolean. (default: true)
Example of a disabled rule that would drop all traffic from 1.2.3.4 in the BLACKLIST chain:
```ruby
L7_firewall_rule 'Example blacklist rule' do
  rule '-s 1.2.3.4'
  jump 'DROP'
  chain 'BLACKLIST'
  enabled false
end
```
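To make the three definitions above (Policy, Notrack and Rule) concrete, here is an added example that is not code from the L7-firewall cookbook: a small Ruby renderer that takes the documented attributes and their defaults (passed as hashes standing in for the DSL block parameters) and produces the iptables-restore syntax that ends up in /etc/iptables.rules. The cookbook's own template is not shown on this page, so the attribute-to-flag mapping, the placement of notrack entries in the raw table, and the `ssh_lockout?` pre-flight check are assumptions based on iptables semantics rather than the cookbook's behaviour.

```ruby
# Added example, not code from the L7-firewall cookbook. Renders the documented
# policy / notrack / rule attributes into iptables-restore syntax. The mapping
# of attributes to flags is an assumption based on iptables semantics.

# Defaults exactly as documented for each definition.
DEFAULTS = {
  policy:  { table: 'filter', chain: 'INPUT', protoversion: 'ipv4', policy: 'ACCEPT' },
  notrack: { proto: 'tcp', protoversion: 'ipv4', port: '' },
  rule:    { rule: '', position: 'APPEND', table: 'filter', chain: 'INPUT',
             proto: 'all', protoversion: 'ipv4', jump: 'ACCEPT', enabled: true }
}.freeze

def with_defaults(kind, attrs)
  DEFAULTS.fetch(kind).merge(attrs)
end

# Policy -> ':CHAIN POLICY [0:0]' header line of the table section.
def render_policy(attrs)
  a = with_defaults(:policy, attrs)
  [a[:table], ":#{a[:chain]} #{a[:policy]} [0:0]"]
end

# Notrack -> entry in the raw table's PREROUTING chain so matching packets
# bypass connection tracking (assumed placement; the page documents attributes only).
def render_notrack(attrs)
  a = with_defaults(:notrack, attrs)
  raise ArgumentError, 'notrack needs a port' if a[:port].to_s.empty?
  ['raw', "-A PREROUTING -p #{a[:proto]} --dport #{a[:port]} -j NOTRACK"]
end

# Rule -> '-A' (APPEND) or '-I' (INSERT) line. A disabled rule renders to nil;
# '-p all' is omitted because it is iptables' own default.
def render_rule(attrs)
  a = with_defaults(:rule, attrs)
  return nil unless a[:enabled]
  flag = a[:position].to_s.upcase == 'INSERT' ? '-I' : '-A'
  parts = [flag, a[:chain]]
  parts << "-p #{a[:proto]}" unless a[:proto] == 'all'
  parts << a[:rule] unless a[:rule].to_s.empty?
  parts << "-j #{a[:jump]}"
  [a[:table], parts.join(' ')]
end

# Assemble one iptables-restore file for one protocol version (the recipes
# keep ipv4 and ipv6 separate, so this does too).
def render_ruleset(protoversion: 'ipv4', policies: [], notracks: [], rules: [])
  tables = Hash.new { |h, k| h[k] = { policies: [], rules: [] } }
  policies.each do |p|
    next unless with_defaults(:policy, p)[:protoversion] == protoversion
    table, line = render_policy(p)
    tables[table][:policies] << line
  end
  notracks.each do |n|
    next unless with_defaults(:notrack, n)[:protoversion] == protoversion
    table, line = render_notrack(n)
    tables[table][:rules] << line
  end
  rules.each do |r|
    rendered = render_rule(r)
    next unless rendered && with_defaults(:rule, r)[:protoversion] == protoversion
    table, line = rendered
    tables[table][:rules] << line
  end
  out = []
  tables.each do |name, section|
    out << "*#{name}"
    out.concat(section[:policies])
    out.concat(section[:rules])
    out << 'COMMIT'
  end
  out.join("\n") + "\n"
end

# Pre-flight check: a DROP policy on filter/INPUT with no enabled ACCEPT rule
# for the SSH port would cut off remote administration of the node.
def ssh_lockout?(policies:, rules:, ssh_port: 22)
  drops_input = policies.any? do |p|
    a = with_defaults(:policy, p)
    a[:table] == 'filter' && a[:chain] == 'INPUT' && a[:policy] == 'DROP'
  end
  return false unless drops_input
  rules.none? do |r|
    a = with_defaults(:rule, r)
    a[:enabled] && a[:table] == 'filter' && a[:chain] == 'INPUT' &&
      a[:jump] == 'ACCEPT' && a[:rule].to_s.match?(/--dport #{ssh_port}\b/)
  end
end

# Constructed sample: the README's examples plus an allow_ssh-style rule.
DROP_INPUT = { policy: 'DROP', chain: 'INPUT' }
NOTRACK_HTTP = { port: '80' }
ALLOW_SSH = { rule: '--dport 22', proto: 'tcp', jump: 'ACCEPT' }
BLACKLIST_DISABLED = { rule: '-s 1.2.3.4', jump: 'DROP', chain: 'BLACKLIST', enabled: false }

if __FILE__ == $PROGRAM_NAME
  puts render_ruleset(policies: [DROP_INPUT], notracks: [NOTRACK_HTTP],
                      rules: [ALLOW_SSH, BLACKLIST_DISABLED])
  warn 'WARNING: ruleset would lock out SSH' if ssh_lockout?(policies: [DROP_INPUT], rules: [])
end
```

Running the script prints the filter and raw sections, and shows that the disabled blacklist rule never reaches the file while the DROP policy on INPUT is only safe because an enabled ACCEPT rule for port 22 sits in the same chain; iptables-restore applies the whole file atomically, so ordering between the policy line and the allow rule is not a lockout risk, but a missing allow rule is.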
TODO
- Rewrite to LWRP
Contributing
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Added some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request
License
- Freely distributable and licensed under the MIT license.
- Copyright (c) 2015 Gabor Szelcsanyi
Dependent cookbooks
This cookbook has no specified dependencies.
Foodcritic Metric
1.0.8 failed this metric
FC001: Use strings in preference to symbols to access node attributes: /tmp/cook/da33295c88fc8568222ca35d/L7-firewall/definitions/notrack.rb:10
FC015: Consider converting definition to a LWRP: /tmp/cook/da33295c88fc8568222ca35d/L7-firewall/definitions/notrack.rb:1
FC015: Consider converting definition to a LWRP: /tmp/cook/da33295c88fc8568222ca35d/L7-firewall/definitions/policy.rb:1
FC015: Consider converting definition to a LWRP: /tmp/cook/da33295c88fc8568222ca35d/L7-firewall/definitions/rule.rb:1
FC019: Access node attributes in a consistent manner: /tmp/cook/da33295c88fc8568222ca35d/L7-firewall/definitions/notrack.rb:10