This cookbook is very opinionated: it works on CentOS 7, doesn't like firewalld and loves iptables.
With this cookbook you can define iptables rules on CentOS 7.
By default, this recipe denies all ports except the ones specified in the configuration.
This cookbook requires:
- firewall cookbook: https://github.com/chef-cookbooks/firewall
```json
{
  "firewall": {
    "open_ports": {
      "sshd": 22,
      "tcp": [80, 443],
      "udp": []
    }
  }
}
```
Key | Type | Description | Default |
---|---|---|---|
['firewall']['open_ports']['sshd'] | Number | SSHd port | nil |
['firewall']['open_ports']['tcp'] | Array | list of TCP ports to be open | nil |
['firewall']['open_ports']['udp'] | Array | list of UDP ports to be open | nil |
Just include `firewall` in your node's `run_list`:

```json
{
  "name": "my_node",
  "run_list": [
    "recipe[firewall]"
  ]
}
```
and specify which ports you need open.
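
An added pre-flight check for the attributes described above (example code, not part of this cookbook): it validates `['firewall']['open_ports']` before a converge and renders iptables rules that illustrate the default-deny policy. The function names, the sample node JSON and the rendered rules are assumptions made for illustration; the rules the cookbook actually installs may differ.

```ruby
require 'json'

# Constructed sample: the attribute block from this README as node JSON.
SAMPLE_NODE_JSON = <<~JSON
  { "firewall": { "open_ports": { "sshd": 22, "tcp": [80, 443], "udp": [] } } }
JSON
VALID_PORT = (1..65_535).freeze

# Returns a list of problems in ['firewall']['open_ports']; empty means OK.
def open_ports_problems(attrs)
  ports = attrs.dig('firewall', 'open_ports')
  return ["['firewall']['open_ports'] is missing"] unless ports.is_a?(Hash)

  problems = []
  sshd = ports['sshd']
  if sshd.nil?
    # Assumption: with default deny and no sshd port set, SSH is not opened.
    problems << 'sshd is nil: default deny may cut off remote SSH access'
  elsif !(sshd.is_a?(Integer) && VALID_PORT.cover?(sshd))
    problems << "sshd must be an integer in 1..65535, got #{sshd.inspect}"
  end
  %w[tcp udp].each do |proto|
    list = ports[proto]
    next if list.nil? # documented default: nothing opened for this protocol
    unless list.is_a?(Array)
      problems << "#{proto} must be an array, got #{list.class}"
      next
    end
    bad = list.reject { |port| port.is_a?(Integer) && VALID_PORT.cover?(port) }
    problems << "#{proto} has invalid ports #{bad.inspect}" unless bad.empty?
  end
  problems
end

# Illustrative iptables rules for the same policy (not the cookbook's output).
def illustrative_rules(attrs)
  ports = attrs.dig('firewall', 'open_ports') || {}
  rules = ['-P INPUT DROP', '-A INPUT -i lo -j ACCEPT',
           '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT']
  tcp = ([ports['sshd']] + Array(ports['tcp'])).compact.uniq
  tcp.each { |port| rules << "-A INPUT -p tcp --dport #{port} -j ACCEPT" }
  Array(ports['udp']).each { |port| rules << "-A INPUT -p udp --dport #{port} -j ACCEPT" }
  rules
end

if __FILE__ == $PROGRAM_NAME
  attrs = JSON.parse(SAMPLE_NODE_JSON)
  puts open_ports_problems(attrs)
  puts illustrative_rules(attrs)
end
```
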
Help is needed with testing according to best practices; if you can help, you are welcome!
License: MIT
Authors:
Simone Dall'Angelo