Fix implicit dependency on firewall cookbook in kosmos-base

Also delete ufw cookbook, we're not using it
2017-05-02 11:46:56 +02:00
parent 11b812fbb8
commit 030b2501eb
33 changed files with 442 additions and 778 deletions
--- a/cookbooks/firewall/recipes/default.rb
+++ b/cookbooks/firewall/recipes/default.rb
@@ -27,6 +27,21 @@ end
 # create a variable to use as a condition on some rules that follow
 iptables_firewall = rhel? || node['firewall']['ubuntu_iptables']

+firewall_rule 'allow loopback' do
+  interface 'lo'
+  protocol :none
+  command :allow
+  only_if { linux? && node['firewall']['allow_loopback'] }
+end
+
+firewall_rule 'allow icmp' do
+  protocol :icmp
+  command :allow
+  # debian ufw doesn't allow 'icmp' protocol, but does open
+  # icmp by default, so we skip it in default recipe
+  only_if { (!debian? || iptables_firewall) && node['firewall']['allow_icmp'] }
+end
+
 firewall_rule 'allow world to ssh' do
  port 22
  source '0.0.0.0/0'