kosmos/chef
kosmos/chef
8
3
Fork 0
Code Issues 26 Pull Requests 2 Projects 2 Activity
chef/cookbooks/ufw/recipes/default.rb
Greg Karékinian 820b0ab3f8 Update cookbooks and add wordpress cookbook
2016-02-19 18:09:49 +01:00

91 lines
3.5 KiB
Ruby
Raw Blame History

#
# Author:: Matt Ray <matt@chef.io>
# Cookbook Name:: ufw
# Recipe:: default
#
# Copyright 2011-2015, Chef Software, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
package 'ufw'
old_state = node['firewall']['state']
new_state = node['firewall']['rules'].to_s
Chef::Log.debug "Old firewall state:#{old_state}"
Chef::Log.debug "New firewall state:#{new_state}"
# check to see if the firewall rules changed.
# the rules are always changed the first run
if old_state == new_state
Chef::Log.info 'Firewall rules unchanged.'
else
Chef::Log.info 'Firewall rules updated.'
node.set['firewall']['state'] = new_state
# drop rules and re-enable
execute 'ufw --force reset'
firewall 'ufw' do
action :install
end
# leave this on by default
firewall_rule 'ssh' do
port 22
action :create
end
node['firewall']['rules'].each do |rule_mash|
Chef::Log.debug "ufw:rule \"#{rule_mash}\""
rule_mash.keys.each do |rule|
Chef::Log.debug "ufw:rule:name \"#{rule}\""
params = rule_mash[rule]
Chef::Log.debug "ufw:rule:parameters \"#{params}\""
Chef::Log.debug "ufw:rule:name #{params['name']}" if params['name']
Chef::Log.debug "ufw:rule:protocol #{params['protocol']}" if params['protocol']
Chef::Log.debug "ufw:rule:direction #{params['direction']}" if params['direction']
Chef::Log.debug "ufw:rule:interface #{params['interface']}" if params['interface']
Chef::Log.debug "ufw:rule:logging #{params['logging']}" if params['logging']
Chef::Log.debug "ufw:rule:port #{params['port']}" if params['port']
Chef::Log.debug "ufw:rule:port_range #{params['port_range']}" if params['port_range']
Chef::Log.debug "ufw:rule:source #{params['source']}" if params['source']
Chef::Log.debug "ufw:rule:destination #{params['destination']}" if params['destination']
Chef::Log.debug "ufw:rule:dest_port #{params['dest_port']}" if params['dest_port']
Chef::Log.debug "ufw:rule:position #{params['position']}" if params['position']
act = params['action']
act ||= 'create'
fail 'ufw: port_range was specified to firewall_rule without protocol' if params['port_range'] && !params['protocol']
Chef::Log.debug "ufw:rule:action :#{act}"
firewall_rule rule do
name params['name'] if params['name']
protocol params['protocol'].to_sym if params['protocol']
direction params['direction'].to_sym if params['direction']
interface params['interface'] if params['interface']
logging params['logging'].to_sym if params['logging']
port params['port'].to_i if params['port']
if params['port_range']
ends = params['port_range'].split('..').map { |d| Integer(d) }
port_range ends[0]..ends[1]
end
source params['source'] if params['source']
destination params['destination'] if params['destination']
dest_port params['dest_port'].to_i if params['dest_port']
position params['position'].to_i if params['position']
action act
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink