Update upstream cookbooks
@@ -1,9 +1,9 @@
|
||||
#
|
||||
# Author:: Seth Chisamore (<schisamo@opscode.com>)
|
||||
# Cookbook Name:: firewall
|
||||
# Cookbook:: firewall
|
||||
# Resource:: default
|
||||
#
|
||||
# Copyright:: 2011, Opscode, Inc.
|
||||
# Copyright:: 2011-2016, Chef Software, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@@ -23,7 +23,7 @@ class Chef
|
||||
include FirewallCookbook::Helpers::Iptables
|
||||
|
||||
provides :firewall, os: 'linux', platform_family: %w(debian) do |node|
|
||||
node['firewall'] && node['firewall']['ubuntu_iptables']
|
||||
node['platform_version'].to_f > 14.04 && node['firewall'] && node['firewall']['ubuntu_iptables']
|
||||
end
|
||||
|
||||
def whyrun_supported?
|
||||
@@ -41,7 +41,9 @@ class Chef
|
||||
end
|
||||
end
|
||||
|
||||
%w(rules.v4 rules.v6).each do |svc|
|
||||
rule_files = %w(rules.v4)
|
||||
rule_files << 'rules.v6' if ipv6_enabled?(new_resource)
|
||||
rule_files.each do |svc|
|
||||
# must create empty file for service to start
|
||||
file "create empty /etc/iptables/#{svc}" do
|
||||
path "/etc/iptables/#{svc}"
|
||||
@@ -50,8 +52,9 @@ class Chef
|
||||
end
|
||||
end
|
||||
|
||||
service 'iptables-persistent' do
|
||||
service 'netfilter-persistent' do
|
||||
action [:enable, :start]
|
||||
status_command 'true' # netfilter-persistent isn't a real service
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -90,7 +93,10 @@ class Chef
|
||||
end
|
||||
end
|
||||
|
||||
%w(iptables ip6tables).each do |iptables_type|
|
||||
rule_files = %w(iptables)
|
||||
rule_files << 'ip6tables' if ipv6_enabled?(new_resource)
|
||||
|
||||
rule_files.each do |iptables_type|
|
||||
iptables_filename = if iptables_type == 'ip6tables'
|
||||
'/etc/iptables/rules.v6'
|
||||
else
|
||||
@@ -110,7 +116,7 @@ class Chef
|
||||
|
||||
# if the file was changed, restart iptables
|
||||
next unless iptables_file.updated_by_last_action?
|
||||
service_affected = service 'iptables-persistent' do
|
||||
service_affected = service 'netfilter-persistent' do
|
||||
action :nothing
|
||||
end
|
||||
|
||||
@@ -126,7 +132,7 @@ class Chef
|
||||
iptables_default_allow!(new_resource)
|
||||
new_resource.updated_by_last_action(true)
|
||||
|
||||
service 'iptables-persistent' do
|
||||
service 'netfilter-persistent' do
|
||||
action [:disable, :stop]
|
||||
end
|
||||
|
||||
@@ -146,7 +152,9 @@ class Chef
|
||||
iptables_flush!(new_resource)
|
||||
new_resource.updated_by_last_action(true)
|
||||
|
||||
%w(rules.v4 rules.v6).each do |svc|
|
||||
rule_files = %w(rules.v4)
|
||||
rule_files << 'rules.v6' if ipv6_enabled?(new_resource)
|
||||
rule_files.each do |svc|
|
||||
# must create empty file for service to start
|
||||
file "create empty /etc/iptables/#{svc}" do
|
||||
path "/etc/iptables/#{svc}"
|
||||
|
||||
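Review bot: When `ipv6_enabled?(new_resource)` is false, the loop in the `@@ -90,7 +93,10 @@` hunk skips `ip6tables` entirely, so no IPv6 ruleset is written or reloaded, and the `rules.v6` loops in the `@@ -41,7 +41,9 @@` and `@@ -146,7 +152,9 @@` hunks skip that file as well. The helper's definition is not on this page; if it reflects a resource property or node attribute rather than whether the host's IPv6 stack is actually off, a node with IPv6 still active keeps whatever ip6tables policy it already had, and a `/etc/iptables/rules.v6` left by an earlier run stays on disk unmanaged and may still be loaded by the persistence service at boot. I would keep `rules.v6` managed in the flush path regardless of the guard, and state the assumption next to each guard, for example `# skipping ip6tables is only safe when IPv6 is disabled on the host itself, not just in this resource`. The enclosing action bodies start and end outside the hunks shown.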