cfe-simple-iptables

Wrapper for community cookbook 'simple_iptables'.

56aefb0c v0.1.0. Initial cookbook release. · by Earth Ugat

cfe-simple-iptables-cookbook

Just a wrapper around simple_iptables to lessen typing.

Supported Platforms

The cookbook simple_iptables supports the most common Linux distros.

Attributes

| Key | Type | Description | Default |
| --- | --- | --- | --- |
| ['cfe-simple-iptables']['filter'] | Array | Array of hashes that designate the rules to be added to table 'filter' | [] |
| ['cfe-simple-iptables']['nat'] | Array | Array of hashes that designate the rules to be added to table 'nat' | [] |
| ['cfe-simple-iptables']['mangle'] | Array | Array of hashes that designate the rules to be added to table 'mangle' | [] |
| ['cfe-simple-iptables']['raw'] | Array | Array of hashes that designate the rules to be added to table 'raw' | [] |

Usage

cfe-simple-iptables::default

Each element in the array attributes above is a hash with the following keys:

  :name      # Mandatory. Must not be the chain name.
  :jump      # Defaults to 'ACCEPT'
  :chain     # Defaults to 'INPUT'
  :direction # Defaults to the value of :chain
  :rule      # Defaults to ''
  :weight    # Defaults to 50

Each of the above keys corresponds to a similarly named attribute of the simple_iptables_rule LWRP provided by the simple_iptables cookbook. The LWRP is called once for each hash in the array.

The hash keys can also be shortened to just their first letters. For example:

default['cfe-simple-iptables']['filter'] = [
  {
    :n => 'http',
    :r => ['--proto tcp --dport 80', '--proto tcp --dport 443'],
    :w => 20
  }
]

After setting proper node attributes, include cfe-simple-iptables in your node's run_list:

{
  "run_list": [
    "recipe[cfe-simple-iptables::default]"
  ]
}
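
Because :jump defaults to 'ACCEPT', :chain to 'INPUT' and :rule to '', an entry that sets only :name resolves to an ACCEPT with no match criteria. The following check is an added example, not the cookbook's recipe code: it expands the short keys, applies the defaults listed above, and flags such entries before they reach a node. The helper names are hypothetical, and it assumes that an empty :rule is rendered as an iptables rule without match options and that "the chain name" means the value of :chain.

```ruby
# Added example, not part of the cookbook. Helper names are hypothetical;
# key names and defaults are the ones listed in this README.
DEFAULTS = { jump: 'ACCEPT', chain: 'INPUT', rule: '', weight: 50 }.freeze
KEYS = %i[name jump chain direction rule weight].freeze
SHORT = KEYS.map { |k| [k.to_s[0], k] }.to_h.freeze # 'n' => :name, ...

# Expand first-letter keys and fill in the documented defaults.
def expand_rule(entry)
  full = {}
  entry.each do |key, value|
    k = key.to_s
    long = KEYS.find { |c| c.to_s == k } || SHORT[k]
    raise ArgumentError, "unknown key #{key.inspect}" unless long
    raise ArgumentError, "#{long} given twice" if full.key?(long)
    full[long] = value
  end
  raise ArgumentError, ':name is mandatory' if full[:name].to_s.empty?
  full = DEFAULTS.merge(full)
  full[:direction] ||= full[:chain]
  # Assumption: "the chain name" is read as the entry's own :chain value.
  raise ArgumentError, ':name must not be the chain name' if full[:name] == full[:chain]
  full
end

# Return one warning per entry that would ACCEPT with an empty match.
def audit(entries)
  entries.map { |e| expand_rule(e) }.each_with_object([]) do |r, warnings|
    matches = Array(r[:rule]).map(&:to_s)
    empty = matches.empty? || matches.any? { |m| m.strip.empty? }
    next unless r[:jump] == 'ACCEPT' && empty
    warnings << "#{r[:name]}: #{r[:jump]} on #{r[:chain]} with an empty match"
  end
end

# Constructed sample input: the README's 'http' entry plus a name-only entry.
SAMPLE = [
  { n: 'http', r: ['--proto tcp --dport 80', '--proto tcp --dport 443'], w: 20 },
  { name: 'mgmt' } # only a name, so every default applies
].freeze

puts audit(SAMPLE) if __FILE__ == $PROGRAM_NAME
```

Running the check over the attribute arrays in a test or CI step catches a name-only entry before the recipe converges.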

License and Authors

Author:: Earth U.