# L7-firewall

Configures the iptables packet filter via Opscode Chef, writing the rule set to /etc/iptables.rules.
## Platforms

- Ubuntu (12.04, 14.04)
- Debian (7)
## Recipes

- `L7-firewall`: the default recipe.
- `L7-firewall::allow_ssh`: allows SSH on port 22.
- `L7-firewall::basic_firewall`: sets up a basic firewall rule and chain set with a default DROP policy.
- `L7-firewall::basic_firewall_ipv6`: same as `basic_firewall`, but for IPv6.
- `L7-firewall::get_ips`: sets the `public_ipaddress` and `public_ip6address` attributes from the machine's public IP addresses.
## Resources

### L7_firewall_policy

Attributes:

- table: iptables table. (default: filter)
- chain: iptables chain. (default: INPUT)
- protoversion: ipv4 or ipv6. (default: ipv4)
- policy: iptables policy. (default: ACCEPT)

Example:

```ruby
L7_firewall_policy 'Drop input' do
  policy 'DROP'
  chain 'INPUT'
end
```
### L7_firewall_notrack

Attributes:

- proto: protocol. (default: tcp)
- protoversion: ipv4 or ipv6. (default: ipv4)
- port: tcp or udp port. (default: '')

Example:

```ruby
L7_firewall_notrack 'Do not track http traffic' do
  port '80'
end
```
### L7_firewall_rule

Attributes:

- rule: iptables rule. (default: '')
- position: position in the rule list. (default: APPEND)
- table: iptables table. (default: filter)
- chain: iptables chain. (default: INPUT)
- proto: protocol. (default: all)
- protoversion: ipv4 or ipv6. (default: ipv4)
- jump: where to jump, like -j. (default: ACCEPT)
- enabled: boolean. (default: true)

Example of a disabled rule that drops all traffic from 1.2.3.4 in the BLACKLIST chain:

```ruby
L7_firewall_rule 'Example blacklist rule' do
  rule '-s 1.2.3.4'
  jump 'DROP'
  chain 'BLACKLIST'
  enabled false
end
```
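To make the three resources above concrete, here is an added illustration (not code from the L7-firewall cookbook) that renders their documented attributes into the equivalent `iptables` / `ip6tables` command lines. The mapping is an assumption drawn from the attribute descriptions, not the cookbook's own template: `position` is taken as `APPEND`, `INSERT` or an integer rule number, `proto: 'all'` is omitted, a disabled rule renders nothing, and `L7_firewall_notrack` is modelled as a `CT --notrack` rule in the raw table's PREROUTING chain.

```ruby
# Added illustration, not the cookbook's code: translate resource attributes
# into the iptables commands they correspond to. Defaults mirror the README.
DEFAULT_RULE = { position: 'APPEND', table: 'filter', chain: 'INPUT',
                 proto: 'all', protoversion: 'ipv4', jump: 'ACCEPT',
                 rule: '', enabled: true }.freeze

# protoversion selects the binary, as the resources' protoversion attribute does.
def iptables_bin(protoversion)
  protoversion == 'ipv6' ? 'ip6tables' : 'iptables'
end

# L7_firewall_policy: a default chain policy, e.g. "iptables -t filter -P INPUT DROP".
def render_policy(chain: 'INPUT', policy: 'ACCEPT', table: 'filter', protoversion: 'ipv4')
  "#{iptables_bin(protoversion)} -t #{table} -P #{chain} #{policy}"
end

# L7_firewall_rule: returns nil for a disabled rule (edge case from the example above).
# position: 'APPEND' -> -A, 'INSERT' -> -I, Integer n -> -I n (assumed semantics).
def render_rule(attrs)
  r = DEFAULT_RULE.merge(attrs)
  return nil unless r[:enabled]
  pos = case r[:position]
        when 'INSERT' then ['-I', r[:chain]]
        when Integer  then ['-I', r[:chain], r[:position].to_s]
        else               ['-A', r[:chain]]
        end
  parts = [iptables_bin(r[:protoversion]), '-t', r[:table], *pos]
  parts += ['-p', r[:proto]] unless r[:proto] == 'all' # -p all adds nothing
  parts << r[:rule] unless r[:rule].empty?
  parts += ['-j', r[:jump]]
  parts.join(' ')
end

# L7_firewall_notrack: exempt a port from connection tracking (assumed: raw table,
# PREROUTING chain, CT --notrack target).
def render_notrack(port:, proto: 'tcp', protoversion: 'ipv4')
  render_rule(table: 'raw', chain: 'PREROUTING', proto: proto,
              protoversion: protoversion, rule: "--dport #{port}", jump: 'CT --notrack')
end

if __FILE__ == $PROGRAM_NAME
  puts render_policy(chain: 'INPUT', policy: 'DROP')
  puts render_notrack(port: '80')
  puts render_rule(rule: '-s 1.2.3.4', jump: 'DROP', chain: 'BLACKLIST', enabled: false).inspect
end
```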
## TODO

- Rewrite to LWRP

## Contributing

- Fork it
- Create your feature branch (`git checkout -b my-new-feature`)
- Commit your changes (`git commit -am 'Added some feature'`)
- Push to the branch (`git push origin my-new-feature`)
- Create a new Pull Request
## License

- Freely distributable and licensed under the MIT license.
- Copyright (c) 2015 Gabor Szelcsanyi