Fix implicit dependency on firewall cookbook in kosmos-base

Also delete ufw cookbook, we're not using it

cookbooks/firewall/recipes/default.rb

@@ -27,6 +27,21 @@ end
 # create a variable to use as a condition on some rules that follow
 iptables_firewall = rhel? || node['firewall']['ubuntu_iptables']
 
+firewall_rule 'allow loopback' do
+  interface 'lo'
+  protocol :none
+  command :allow
+  only_if { linux? && node['firewall']['allow_loopback'] }
+end
+
+firewall_rule 'allow icmp' do
+  protocol :icmp
+  command :allow
+  # debian ufw doesn't allow 'icmp' protocol, but does open
+  # icmp by default, so we skip it in default recipe
+  only_if { (!debian? || iptables_firewall) && node['firewall']['allow_icmp'] }
+end
+
 firewall_rule 'allow world to ssh' do
   port 22
   source '0.0.0.0/0'

cookbooks/firewall/recipes/disable_firewall.rb

@@ -0,0 +1,23 @@
+#
+# Cookbook:: firewall
+# Recipe:: disable_firewall
+#
+# Copyright:: 2011-2016, Chef Software, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+# Disable platform default firewall
+firewall 'default' do
+  action :disable
+end