cfe-simple-iptables-cookbook
Just a wrapper around simple_iptables to lessen typing.
Supported Platforms
The cookbook simple_iptables supports the most common Linux distros.
Attributes
| Key | Type | Description | Default |
|---|---|---|---|
| ['cfe-simple-iptables']['filter'] | Array | Array of hashes that designate the rules to be added to table 'filter' | [] |
| ['cfe-simple-iptables']['nat'] | Array | Array of hashes that designate the rules to be added to table 'nat' | [] |
| ['cfe-simple-iptables']['mangle'] | Array | Array of hashes that designate the rules to be added to table 'mangle' | [] |
| ['cfe-simple-iptables']['raw'] | Array | Array of hashes that designate the rules to be added to table 'raw' | [] |
Usage
cfe-simple-iptables::default
Each element in the array attributes above is a hash with the following keys:
:name # Mandatory. Must not be the chain name.
:jump # Defaults to 'ACCEPT'
:chain # Defaults to 'INPUT'
:direction # Defaults to the value of :chain
:rule # Defaults to ''
:weight # Defaults to 50Each of the above keys correspond to a similarly-named attribute in the simple_iptables_rule LWRP provided by the simple_iptables cookbook. This LWRP will then be called for each of those hashes.
The hash keys can also be shortened to just their first letters. For example:
default['cfe-simple-iptables']['filter'] = [
{
:n => 'http',
:r => ['--proto tcp --dport 80', '--proto tcp --dport 443'],
:w => 20
}
]After setting proper node attributes, include cfe-simple-iptables in your node's run_list:
{
"run_list": [
"recipe[cfe-simple-iptables::default]"
]
}License and Authors
Author:: Earth U. ()