
iptables robustness

1 parent b9c3c51 commit 0fbc12c70f55b0358b37e6e5a52a6e1affb5f80c joewilliams committed with schisamo May 23, 2011
Showing with 19 additions and 1 deletion.
  1. +3 −1 files/default/rebuild-iptables
  2. +13 −0 recipes/default.rb
  3. +3 −0 templates/default/iptables_load.erb
@@ -6,6 +6,7 @@ our $ID = q$Id: rebuild-iptables 344 2006-10-04 02:48:30Z digant $;
#
# Written by Russ Allbery <rra@stanford.edu>
# Adapted by Digant C Kasundra <digant@stanford.edu>
+# Adapted by Joe Williams (2011) <joe@joetify.com>
# Copyright 2005, 2006 Board of Trustees, Leland Stanford Jr. University
#
# Constructs an iptables rules file from the prefix, standard, and suffix
@@ -130,7 +131,8 @@ sub install_debian {
or die "$0: cannot mkdir /etc/iptables: $!\n";
}
write_iptables( "/etc/iptables/general", @data );
- system("/sbin/iptables-restore < /etc/iptables/general");
+ system("/sbin/iptables-restore < /etc/iptables/general") == 0
+ or die "rebuild-iptables: iptables-restore failed! - $?"
}
##############################################################################
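Review bot: The new `or die` line prints `$?` raw, which is the wait status rather than the exit code, and the message has no trailing `\n`, so Perl appends its own " at ... line N" suffix; the other die in the same function (the mkdir one at the top of the hunk) uses the `$0:` prefix and a newline. Suggest `or die "$0: iptables-restore failed with status " . ($? >> 8) . "\n";` — a `$?` of -1 means the command could not be started at all, which is worth distinguishing. The check itself is the right fix: before it, a failed restore was ignored and the script still returned success, leaving whatever rule set the kernel already had while the caller believed the new one was active. install_debian starts before this hunk; if a redhat counterpart in the same file makes the same system call, it presumably needs the same check.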
@@ -33,5 +33,18 @@
mode 0755
end
+case node[:platform]
+when "redhat", "centos"
+ iptables_save_file = "/etc/sysconfig/iptables"
+when "ubuntu", "debian"
+ iptables_save_file = "/etc/iptables/general"
+end
+
+template "/etc/network/if-pre-up.d/iptables_load" do
+ source "iptables_load.erb"
+ mode 0755
+ variables :iptables_save_file => iptables_save_file
+end
+
iptables_rule "all_established"
iptables_rule "all_icmp"
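Review bot: The `case node[:platform]` has no `else`, so on any platform other than the four listed `iptables_save_file` stays nil and the template is rendered as `iptables-restore < ` with an empty redirect target, a broken pre-up script written with mode 0755. The template also targets `/etc/network/if-pre-up.d/`, a Debian-family path; on redhat/centos that directory is, as far as I know, absent (so the resource fails) and `/etc/sysconfig/iptables` is already loaded by the distro's own iptables service, so the hook is only meaningful for the ubuntu/debian branch. Suggest failing loudly on unknown platforms with `else` / `raise "iptables: unsupported platform #{node[:platform]}"`, and guarding the template resource with `only_if { %w[ubuntu debian].include?(node[:platform]) }`.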
@@ -0,0 +1,3 @@
+#!/bin/sh
+iptables-restore < <%= @iptables_save_file %>
+exit 0
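Review bot: The unconditional `exit 0` discards the status of `iptables-restore`, so when the save file is missing or malformed the interface comes up with no rule set and ifup still reports success — the same silent failure the rebuild-iptables change in this commit removes. If blocking ifup on a bad rule file is unacceptable, at least record it: `iptables-restore < "<%= @iptables_save_file %>" || logger -t iptables_load "iptables-restore failed: <%= @iptables_save_file %>"`; otherwise drop `exit 0` so the restore's own status propagates and the interface is not brought up unprotected. Note also that rebuild-iptables in this commit invokes `/sbin/iptables-restore` by absolute path while this script relies on PATH, which may differ under ifup.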
